One item to prove the point against the storing of credit card information is the potential liability of your company in the event your database is compromised. This is turning into the new frontier of Tort claims, and insurance companies are backing off of liability coverage as momentum grows to sue the merchant who allowed his system to be compromised, either from the outside or the inside.
Second, and this is my own opinion, there is no business justification for keeping databases of credit card information, that is, unless you are the card issuer. The merchant should limit his use of this information only to the extent necessary to secure payment for the sale, after which all references to the card should, as a best practice be erased. You are under obligation to seek another means to efficiently handle returns and credits, and not only protect the privacy and security of the card holder, but to protect you against liability for misuse of the information. Third, there is also the matter of trust. The card holder must be able to trust his merchant to properly secure his information in order to build a base of business. ----- Original Message ----- From: "Roger Dahlstrom" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 23, 2002 2:08 PM Subject: RE: offTopic: Saving Credit Card Info You could always point him to the myriad news stories that show how people are able to run exploits to download card databases... Personally, I do store them, but on an offline database with encryption. I find that it's easier to process certain customer service issues such as returns. -----Original Message----- From: Josh Carrico [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 11:29 AM To: [EMAIL PROTECTED] Subject: offTopic: Saving Credit Card Info Sorry for the Extremely off topic question... But, would anyone happen to know any good resources for proving a point to my employer that we shouldn't Store Credit Card information? Apparently Verisign's word to the wise that "credit card numbers (If they must be stored) should be stored encrypted (It is best not to store credit card numbers at all)" AND all the cases of Hackers stealing credit card numbers just doesn't phase them. Thanks in advance. Josh Carrico ==^================================================================ This email was sent to: [email protected] EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
