Brian Dunning wrote:
It's FAR less dangerous to implement
what you are suggesting than it is to simply pay for your dinner with a
credit card.


I agree with this. There is way too much paranoia about credit cards online. 99% of stolen credit card numbers are acquired by phishing and

It depends on the exact situation, but a lot of times the vendors that process a fraudulent credit card purchase end up eating that loss. At that point their only recourse is to go after the person that perpetrated the fraud. In the case of phishing it is whoever harvested the cc#. However, in the case of getting cc#'s from your website it is both the person that cracked your site *as well as you*.


the other 1% by uncrumpling receipts out of a wastebasket. There's no longer any reason to go to the trouble of trying to crack encryption. Remember the knight who went into battle wearing armor only on his legs?

I suppose that if you want to disregard the risk as minimal, well, that's your business. However, even if you believe that the risk of someone stealing your customers' credit card numbers from your server is minimal, you still *must* consider the potential cost of being compromised. My financial colleagues would state this as:


expected cost = probability * (drop in future sales revenue + attorney litigation fees + damages awarded in lawsuit)

Perhaps it's not clear, but litigation might include lawsuits from the credit card company... or the hundreds of *other* companies that get screwed by the fraudulent credit card purchases. Even if you manage to win all of those lawsuits, the litigation fees alone are likely enough to bankrupt you.

So even if you only think the probability of being compromised is 1 / 1000... do the math... is it really worth it for you to do this?

--
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://www.php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY | http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins

