If you work at a publicly traded company, you need to look into Sarbanes-Oxley as well.

> -----Original Message-----
> From: Baz [mailto:[EMAIL PROTECTED]
> Sent: Friday, January 13, 2006 10:34 AM
> To: CF-Talk
> Subject: RE: Encrypt CC number and store in DB
>
> I read a bit about PCI Data Security Standard and it doesn't seem to be a big deal. This article summarizes it:
> http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=cc.secure
>
> The standard doesn't even ask that you encrypt stored values - just the transmission of values (SSL)
>
> It really defines minimums.
>
> Baz
>
> -----Original Message-----
> From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED]
> Sent: Friday, January 13, 2006 10:05 AM
> To: CF-Talk
> Subject: RE: Encrypt CC number and store in DB
>
> Just ensure you are 100% compliant with the PCI Data Security Standard, or you can pay the consequence.
>
> -----Original Message-----
> From: Baz [mailto:[EMAIL PROTECTED]
> Sent: 13 January 2006 15:11
> To: CF-Talk
> Subject: RE: Encrypt CC number and store in DB
>
> Those are good points Bobby, but I'm sure you could think of at least 1 valid scenario where CC numbers are required for later charging...
>
> What about using a CC number to see if that CC has enough funds and then doing the charging later? Or better yet, what if you have customers who purchase very frequently? They DEMAND to have their number stored instead of typing it in each time.
>
> These are already 2 valid cases.
>
> Baz
>
> -----Original Message-----
> From: Bobby Hartsfield [mailto:[EMAIL PROTECTED]
> Sent: Friday, January 13, 2006 9:23 AM
> To: CF-Talk
> Subject: RE: Encrypt CC number and store in DB
>
> Do you actually get people to give you their credit card information without them even knowing:
> a) how much they are going to be charged
> b) whether or not you charge them more for shipping because of where they live
> c) if what they WANT to order is even in stock?
>
> If so, you must have one user friendly, warm and fuzzy feeling generating site to make people feel that comfortable. (is it basket basics dot com?)
>
> Why would any of that information (in stock, shipping cost, shipping location, etc..., and a FINAL price) not be obtainable BEFORE getting the credit card number? If any of it IS unobtainable without a Credit Card number, it sounds like a flawed system to me.
>
> ....:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.
> Bobby Hartsfield
> http://acoderslife.com
>
> -----Original Message-----
> From: Stephens, Larry V [mailto:[EMAIL PROTECTED]
> Sent: Friday, January 13, 2006 8:44 AM
> To: CF-Talk
> Subject: RE: Encrypt CC number and store in DB
>
> The best way is DO NOT DO IT.
>
> No I'm not just being sarcastic....but there should be no reason to do this
>
> [snip]
>
> Except - we don't know the final cost until the items purchased are packaged and postage/freight is figured. (And we make sure the items are actually in stock and not on order, etc.) The configuration (i.e., number of boxes) can vary a great deal depending on what is ordered (some things will pack inside others, etc.) and, of course, the actual charge depends on where you are shipping it (and keeping up with UPS and USPS shipping tables is no trivial matter).
>
> Larry Stephens
> [EMAIL PROTECTED]

