On Tue, Jun 22, 2010 at 8:41 AM, Scott Stroz <[email protected]> wrote: > He sends me an email late Friday afternoon asking me to not start > working as it will cost more than he wants to pay (I had already put > in a few hours which he already said he will nto pay me for). > > My question is, I know the credit card information this guy's > customers are supplying to him is not secure, do I have an ethical > obligation to report him?
No. ...and doing so invites bad karma. I ran into a situation like this about 10 months ago and walked, no RAN away... I would even suggest that you not pursue payment for any initial services rendered since it leaves a paper trail that can be followed back to you in the event that he does have a massive card theft or identity theft problem in the future. Alot of small companies, particularly ones that are run by non-technical people, are in a situation right now where their business model does not pay enough to be able to afford to upgrade to PCI compliance. The owners simply have no ability to become PCI compliant. They can't afford it, period. Their only real choice is to go out of business, which they also don't want to do. Most of them are going to keep limping along till they get caught, at which point they will go out of business. In the meantime they are desperately looking for someone to help them become PCI compliant within their budget. I would stay away from anyone in this situation. There is a high likelihood that the owner has no idea what is involved in PCI compliance, doesn't want to know, and has their head in the sand. They are also at increased risk of non-payment. Bad Mojo all around. -Cameron ... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:321662 Subscription: http://www.houseoffusion.com/groups/cf-community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-community/unsubscribe.cfm
