Yes, it's mainly geared toward processors and not individual merchants. On 8/8/03 10:33 AM, "Waitman C. Gobble, II" <[EMAIL PROTECTED]> wrote:
>> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Rich Salz >> Sent: Friday, August 08, 2003 8:17 AM >> To: Shawn P. Stanley >> Cc: [EMAIL PROTECTED] >> Subject: Re: Visa CISP >> >> >> I would be concerned about the "standards" part of the >> statement. If they are heading toward requiring Common >> Criteria (or FIPS-140), then folks developing VISA >> applications using OpenSSL will pretty much be forced to >> spend lots of money getting certified, or to use certified >> crypto engines. >> > > Hello Rich, > > I completely understand your point. However there are also 89 other > ways to create lots of expense - on their questionnaire. > > And it does seem possible that a lot of people could be forced out of > business in April 2004. > > Frankly it would seem wise for a merchant to have absolutely nothing to > do with the actual credit card numbers, billing information, etc. > > Take care, > > Waitman Gobble > EMK Design > Telephone (714) 522-2528 > Toll Free (877) 290-2768 > http://emkdesign.com > > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
