Hey, I don't exactly know why the credit card is needed but they gave me a pdf version of the form they get people to fill out manually and it's on there so... I had hoped I could find api's for the services they then re-enter the information into with no luck. They said they have to take the information and submit it to 1/3 different locations on a case for case basis each requiring slightly different information.
I agree I've never had my credit card requested for a credit check, all you actually need is the sin number. But thanks, I'll look into the PCI security guidelines and make sure to follow them thoroughly. Maybe I can get them to re-asses the form and not require it. But even the rest of the information is still pretty sensitive enough to aim for the best of security. I'm still wondering though how to go about creating the secure connections. As well, if I am storing this kind of sensitive data maybe it would be a good idea to have an expiry. Data will only be held for so long before it is wiped from the db? The answers have kind of unnerved me. Is this maybe a job I should re- assess doing all together? Or as long as I follow the guidelines it should be okay? thanks, brian On Sep 27, 7:03 pm, Marnen Laibow-Koser <rails-mailing-l...@andreas- s.net> wrote: > brianp wrote: > > Well that was the question. Whats the best way to go about this. If > > it's more secure to just get the information to the recipient by email > > then so be it. It needs to be somewhere long enough for someone to > > manually run the check then it can be gone. So whatever the most > > secure way to do that is. > > E-mail would be less secure than a properly guarded DB with a secure > connection, I think. But..surely you don't need a credit card number to > run a credit check, do you? (I don't think I've ever been asked for > mine.). If you do, then please make sure you follow the PCI security > guidelines. > > Best, > -- > Marnen Laibow-Koserhttp://www.marnen.org > [email protected] > -- > Posted viahttp://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
