In that case, I would make the client aware of the risks, and make them sign a disclaimer. Forgoing a client's 15-30 seconds of convenience, or even losing a client, seems better than the potential liability.
----- Original Message -----
From: "Don Vawter" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, November 16, 2001 3:02 PM
Subject: Re: Best practices storing CC

> I don't WANT to store credit card information. The question is whether the
> customer is willing to reenter cc number every month. The billing is
> monthly but unlike a subscription the charge is not constant which seems to
> be difficult for the providers to handle. Currently I use payflow from
> Verisign (cfm app by the way) and am perfectly happy with them. I am just
> afraid in this new scenario that a B2B customer is unlikely to be happy
> filling in cc info every month. Any better solutions would be very welcome.
> I could even go the paper invoicing method if necessary but that seems
> terribly inefficient.
>
> ----- Original Message -----
> From: "BILLY CRAVENS" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Friday, November 16, 2001 1:07 PM
> Subject: Re: Best practices storing CC
>
> > <cf_cya>
> > I would strongly recommend against storing credit card numbers anywhere.
> > 1. potential for thousands, if not millions, in dollars of liability
> > 2. if the site's customers find out, they will likely go somewhere else
> >    (I do when I know a site stores my card #)
> > 3. performance - CF's encryption is too weak - you'd need to use
> >    something third-party which would probably be a load increase
> > 4. see #1
> > 5. see #4
> > 6. see #5
> > </cf_cya>
> >
> > However, if you just HAVE to keep your users from reentering their card #
> > every time, look at some third party solutions. Microsoft's comes to mind.
> > (Okay ppl - let's pretend like we're mature and not turn this into another
> > pathetic "why Microsoft is bad thread" - I'm just pointing out a potential
> > technology) I don't know how much faith I have in other companies' security
> > infrastructures, but I'd be willing to bet that it's far better than
> > anything that I could ever hope to build.
> >
> > ----- Original Message -----
> > From: "Don Vawter" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Friday, November 16, 2001 1:46 PM
> > Subject: Best practices storing CC
> >
> > > Any advice on storing credit card info?
> > >
> > > My thoughts are that it should be stored in a separate db which is not
> > > accessible via web
> > > and have cf push the info to a template behind the firewall to do the
> > > actual authorization and push the results back to the main server. Does
> > > this make sense or am I making it too complicated (or leaving something
> > > obvious out).
> > >
> > > What are recommendations on encryption, is DES ok or do I need something
> > > else?
> > >
> > > TIA
> > >
> > > Don

