Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Daniel Brown
On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote: Ok I've done some research and some thinking. What about storing orders in the database (product info and customer info) and then using GnuPG or PGP to send the credit card info to the merchant? This way the credit card

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Jason Gerfen
Daniel Brown wrote: On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote: Ok I've done some research and some thinking. What about storing orders in the database (product info and customer info) and then using GnuPG or PGP to send the

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Jason Gerfen
Jason Gerfen wrote: Daniel Brown wrote: On Dec 19, 2007 2:41 AM, Keith Spiller [EMAIL PROTECTED] wrote: Ok I've done some research and some thinking. What about storing orders in the database (product info and customer info) and then using GnuPG

Re: [PHP-DB] decimal point

2007-12-19 Thread Micah Stevens
Without trying it, I would assume php (since it's typeless) would just cast the string back into a number? I wouldn't do it for another reason- possible loss of accuracy. -Micah On 12/16/2007 10:08 AM, Stephen Johnson wrote: You will lose your decimal places during normal calculations...

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Bastien Koert
Nope, I still would not recommend it. The only place the CC data should travel to is the payment gateway. Anything else is a security risk. Why does your client process by hand? They should be using a payment gateway. bastien From: [EMAIL PROTECTED] To: [EMAIL PROTECTED];

Re: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Daniel Brown
On Dec 19, 2007 4:45 PM, Bastien Koert [EMAIL PROTECTED] wrote: Nope, I still would not recommend it. The only place the CC data should travel to is the payment gateway. Anything else is a security risk. Why does your client process by hand? They should be using a payment gateway.

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Bastien Koert
Dan, Normally I would completely agree, it's our job to find those solutions. Unfortunately, the sector that my FT job deals with is retail and many of our clients are in this bind with PCI data. Hefty fines are charged to those not in compliance. The major CC companies are taking this so

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Gary Wardell
Hmm, This is kind of throwing a new twist on things. When it comes to liability, who is liable, the merchant running the system, the developer that created the system, or both? If the developer is included, would that be mitigated in that he created the system to the merchant's specifications?

RE: [PHP-DB] Credit Card Encryption

2007-12-19 Thread Bastien Koert
Gary, I take the view that I warn our customers about the dangers, and if really concerning ask for an indemnity or a very formal request for change. I really try to convince them of the correct path and keep any emails regarding the issues as backup. It's a drag when you really have to