I take the view that I warn our customers about the dangers, and if really 
concerning ask for an indemnity or a very formal request for change. I really 
try to convince them of the correct path and keep any emails regarding the 
issues as backup.

It's a drag when you really have to consider how to cover your ass on this. 
Lawyers suck too. ;-P
bastien

> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC:
> Subject: RE: [PHP-DB] Credit Card Encryption
> Date: Wed, 19 Dec 2007 23:21:52 -0500
>
> Hmm,
>
> This is kind of throwing a new twist on things.
>
> When it comes to liability, who is liable, the merchant running the
> system, the developer that created the system, or both?
>
> If the developer is included, would that be mitigated in that he created
> the system to the merchant's specifications?
>
> Also, in terms of the developer, would this be covered under errors and
> omissions insurance, or would they take the position that the developer
> should have known better and was negligent in creating a non-compliant
> system leaving the developer on the hook for damages?
>
> Gary
>
> > -----Original Message-----
> > From: Bastien Koert [mailto:[EMAIL PROTECTED]
> > Sent: Wed, December 19, 2007 11:02 PM
> > To: Daniel Brown
> > Cc: Keith Spiller;
> > Subject: RE: [PHP-DB] Credit Card Encryption
> >
> > Dan,
> >
> > Normally I would completely agree, it's our job to find those
> > solutions. Unfortunately, the sector that my FT job deals with is
> > retail and many of our clients are in this bind with PCI data. Hefty
> > fines are charged to those not in compliance. The major CC companies
> > are taking this so seriously and the ramifications are being felt in
> > many IT shops. Compliance failure can lead to loss of privileges to
> > accept CCs.
> >
> > It's gonna force us to be more creative in how we handle the data and
> > create the applications that allow our clients to offer ecommerce, we
> > will have to learn some business skills to make this happen. It may
> > mean that it becomes more contractual in dealing with third parties,
> > where the ecommerce shop effects payment on behalf of the vendors. The
> > OP may need to help his client work out a better way to manage the
> > transactions between the related parties by finding ways to automate
> > the various transactions and provide gateway access...
> >
> > I, too, like to eat... ;-P
> >
> > bastien
> >
> > > Date: Wed, 19 Dec 2007 17:21:57 -0500
> > > From: [EMAIL PROTECTED]
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [PHP-DB] Credit Card Encryption
> > > CC: [EMAIL PROTECTED];
> > >
> > > On Dec 19, 2007 4:45 PM, Bastien Koert <[EMAIL PROTECTED]> wrote:
> > > > Nope, I still would not recommend it. The only place the CC data
> > > > should travel to is the payment gateway. Anything else is a
> > > > security risk. Why does your client process by hand? They should
> > > > be using a payment gateway.
> > >
> > > That's true, Bastien, but if for whatever reason it's not an option
> > > for them, what? Tell them it's tough cookies and they're SOL?
> > >
> > > Our job as programmers - especially freelance - is to make things
> > > happen as safely and securely as we can, but as a bottom line, make
> > > it happen. I'm sure we (most of us) take the responsibility to
> > > discourage a client from making such choices, and to educate them on
> > > alternatives that are better for their interests, but still - at the
> > > end of the day, we're still just code monkeys. We're expected to
> > > build what the client needs, or else they'll find someone else to do
> > > it for them.
> > >
> > > And I don't really like to go hungry. ;-)
> > >
> > > --
> > > Daniel P. Brown
> > > [Phone Numbers Go Here!]
> > > [They're Hidden From View!]
> > >
> > > If at first you don't succeed, stick to what you know best so that
> > > you can make enough money to pay someone else to do it for you.