"If this is a company that is big enough to have branch offices then they should also be big enough to spend the relatively small dollars for a merchant connection. Cheapskates?"
Shuuuuuush... They might hear you!! Haha. Every job I do for this client is nailed down to the last cent.

(I think I might have missed an email about the illegal bit ??)

mike

-----Original Message-----
From: Matt Robertson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 22 September 2005 12:52 p.m.
To: CF-Talk
Subject: Re: Credit card storage

Inadvisable, definitely, but illegal? When did that law get passed? Do you have a link to it? And does it apply to the AU/NZ jurisdiction the poster is in?

I know the security audit bit came up in June of this year as a requirement for most businesses (although the reality has been that only a very few of my clients -- a grand total of one -- have actually been audited) but I have yet to hear of a law passed that bans cc number storage by a web merchant.

http://developer.perthweb.com has a very strong public/private key RSA encryption system that is very likely to satisfy your encryption needs insofar as the sensitive info is concerned. It's US$39 per domain so that's reasonable in the extreme.

You'll have to make sure that the customer does their job with respect to pasting in the private key to retrieve their cc info, and that key should be subject to rigorous procedural and personnel controls in the brick/mortar store. If you go and put both keys on the server then the exercise is basically worthless. But do it right and you can make the best of a bad idea.

Part of doing it right is employee training. Stuff like 'delete the order off the web site as soon as you retrieve it' and forcing any view of data to be done visually over SSL. No downloads unless you do something like secure FTP with an encrypted password string... the latter being easier said than done unless you can specify the ftp server and ftp client.

If this is a company that is big enough to have branch offices then they should also be big enough to spend the relatively small dollars for a merchant connection. Cheapskates?
--
--mattRobertson--
Janitor, MSB Web Systems
mysecretbase.com <http://mysecretbase.com>
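The arrangement described in the quoted message (public key on the web server, private key kept in the store), as an added example that is not part of the thread and not the perthweb product's code. It uses Node.js's built-in `crypto` module; the function names and the test card number are constructed for illustration.

```javascript
// Added example: all names and sample values are constructed, not from the thread.
const nodeCrypto = require('crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Run once, away from the web server (e.g. on the store PC).
// Only publicKey is uploaded; privateKey never leaves the store.
function generateStoreKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Deployment guard: true if the key file on the server is able to decrypt,
// i.e. someone has put "both keys on the server".
function holdsPrivateKey(pem) {
  try { nodeCrypto.createPrivateKey(pem); return true; } catch { return false; }
}

// Web server side: encrypt with the public key, refuse if a private key was deployed.
function encryptCard(serverKeyPem, cardNumber) {
  if (holdsPrivateKey(serverKeyPem)) {
    throw new Error('private key found on web server; refusing to store card data');
  }
  const plain = Buffer.from(cardNumber, 'utf8');
  return nodeCrypto.publicEncrypt({ key: serverKeyPem, ...OAEP }, plain).toString('base64');
}

// Store side: staff supply the private key to read the order.
function decryptCard(privatePem, blobB64) {
  const blob = Buffer.from(blobB64, 'base64');
  return nodeCrypto.privateDecrypt({ key: privatePem, ...OAEP }, blob).toString('utf8');
}

// What the server's own files allow: with only the public key, decryption fails.
function serverCanDecrypt(serverKeyPem, blobB64) {
  try { decryptCard(serverKeyPem, blobB64); return true; } catch { return false; }
}

// Demo with a constructed test card number.
const demoKeys = generateStoreKeyPair();
const demoBlob = encryptCard(demoKeys.publicKey, '4111111111111111');
console.log('server can decrypt:', serverCanDecrypt(demoKeys.publicKey, demoBlob));
console.log('store reads:', decryptCard(demoKeys.privateKey, demoBlob));
```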

