Hmm, This is kind of throwing a new twist on things.
When it comes to liability, who is liable, the merchant running the system, the develper that created the system, or both? If the develper is included, would that be mitigated in that he created the system to the merchant's specifications? Also, in terms of the developer, would this be covered under errors and omissions insurance, or would they take the position that the developer should have known better and was negligent in creating a non-compliant system leaving the developer on the hook for damages? Gary > -----Original Message----- > From: Bastien Koert [mailto:[EMAIL PROTECTED] > Sent: Wed, December 19, 2007 11:02 PM > To: Daniel Brown > Cc: Keith Spiller; php-db@lists.php.net > Subject: RE: [PHP-DB] Credit Card Encryption > > > > Dan, > > Normally I would completely agree, its our job to find those > solutions. Unfortunately, the sector that my FT job deals > with is retail and many of our clients are in this bind with > PCI data. Hefty fines are charged to those not in compliance. > The major CC companies are taking this so seriously and the > ramifications are being felt in many IT shops. Compliance > failure can lead to loss o privileges to accept CCs. > > Its gonna force us to be more creative in how we handle the > data and create the applications that allow our clients to > offer ecommerce, we will have to learn some business skills > to make this happen. It may mean that its becomes more > contractual in dealing with third parties, where the ecommece > shop effects payment on behalf of the vendors. The OP may > need to help his client work out a better way to manage the > transactions between the related parties by finding ways to > automate the various transactions and provide gateway access... > > I, too, like to eat... ;-P > > bastien > > > > Date: Wed, 19 Dec 2007 17:21:57 -0500> From: > [EMAIL PROTECTED]> To: [EMAIL PROTECTED]> Subject: Re: > [PHP-DB] Credit Card Encryption> CC: [EMAIL PROTECTED]; > php-db@lists.php.net> > On Dec 19, 2007 4:45 PM, Bastien > Koert <[EMAIL PROTECTED]> wrote:> >> > Nope, I still > would not recommmend it. The only place the CC data should > travel to is the payment gateway. Anything else is a security > risk. Why does your client process by hand? They should be > using a payment gateway.> > That's true, Bastien, but if for > whatever reason it's not an> option for them, what? Tell them > it's tough cookies and they're SOL?> > Our job as programmers > - especially freelance - is to make things> happen as safely > and securely as we can, but as a bottom line, make it> > happen. I'm sure we (most of us) take the responsibility to> > discourage a client from making such choices, and to educate > them on> alternatives that are better for their interests, > but still - at the> end of the day, we're still just code > monkeys. We're expected to> build what the client needs, or > else they'll find someone else to do> it for them.> > And I > don't really like to go hungry. ;-)> > -- > Daniel P. Brown> > [Phone Numbers Go Here!]> [They're Hidden From View!]> > If > at first you don't succeed, stick to what you know best so > that you> can make enough money to pay someone else to do it for you. > _________________________________________________________________ > Exercise your brain! Try Flexicon! > http://puzzles.sympatico.msn.ca/chicktionary/index.html?icid=htmlsig -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
