Re: [PHP-DB] Security and MYSQL databases

2005-06-16 Thread Paul R. Strong

Here's a few payment processors.
Some of them are located in United States and others in United Kingdom.
Haven't tried all of them personally, but many professionals have 
recommended them.

PayPal is still the best way to go because of its low cost.
VeriSign is probably the most secure of all but it's also one of the most 
expensive.


Datacash has a very useful test service for testing out your transactions.
You can perform test transactions using so-called magic credit card 
numbers supplied by DataCash, which will accept or decline transactions 
without performing any actual financial transactions. This is fantastic for 
development purposes, because you don't want to use your own credit cards 
for testing.


Hope they are of use

Gateway Services:

United States   URL                            United Kingdom   URL
CyberCash       http://www.cybercash.com/      Arcot            http://www.arcot.com
First Data      http://www.firstdata.com/      WorldPay         http://www.worldpay.com/
Cardservice     http://www.cardservice.com/    DataCash         http://www.datacash.com/
International
VeriSign        http://www.verisign.com/       ICVerify         http://www.icverify.com/
Payflow Pro     products/payflow/pro
CyberCash

- Original Message - 
From: I. Gray [EMAIL PROTECTED]

To: php-db@lists.php.net; Bastien Koert [EMAIL PROTECTED]
Sent: Tuesday, June 14, 2005 9:36 AM
Subject: Re: [PHP-DB] Security and MYSQL databases



Thanks,

I kind of suspected this, but it's good to be told.  I wouldn't like to 
think my CC details were held on some database somewhere where it 
can get hacked into.  Apart from PayPal are there any other 3rd party 
payment processors that anyone recommends?  I think we're perhaps going a 
little off topic here, so sorry.


Bastien Koert wrote:
You should never [almost never ever] store cc details from your users. 
Integrate a 3rd party payment processor into your site and process the 
payments immediately. It will cut down on fraud and chargebacks by the 
users. It's also more secure since the cc details are not stored on your 
machine. What you get back is a payment confirmation number which you can 
store in your system to record that payment was approved...and if you don't 
get one, you know immediately it's been disallowed so you can stop the 
process at that point.


The issues against it are:
1. It's not completely secure. You don't have direct control of the server 
and therefore can't assure yourself that the system is locked down tight 
and kept updated.
2. Your db may not be secure enough
3. Your code may allow for holes that allow hackers to gain access to the 
data.
4. The liability for your business, should your data become compromised. 
Don't say it can't happen. Ask Playboy.com. Hackers accessed 8 million 
accounts and had all the details.


If you can't use a 3rd party processor, then you still shouldn't store 
the data on the server, but send an encrypted email (using pgp) to 
yourself with the account / order  details for processing. But I strongly 
recommend using a 3rd party processor.


Bastien


From: I. Gray [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] Security and MYSQL databases
Date: Tue, 14 Jun 2005 14:36:50 +0100

Hello.

Simple question. An SSL server and a standard a shared MYSQL server that 
I have with my hosts.  If I am to set up a shopping cart system, is this 
a secure way of handling credit card details.  What is the best way of 
receiving the details? I assume an email is not a good way as these can 
be intercepted. Is MYSQL secure enough in this way?


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php






[PHP-DB] Security and MYSQL databases

2005-06-14 Thread I. Gray

Hello.

Simple question. An SSL server and a standard a shared MYSQL server that 
I have with my hosts.  If I am to set up a shopping cart system, is this 
a secure way of handling credit card details.  What is the best way of 
receiving the details? I assume an email is not a good way as these can 
be intercepted. Is MYSQL secure enough in this way?


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP-DB] Security and MYSQL databases

2005-06-14 Thread Bastien Koert
You should never [almost never ever] store cc details from your users. 
Integrate a 3rd party payment processor into your site and process the 
payments immediately. It will cut down on fraud and chargebacks by the 
users. It's also more secure since the cc details are not stored on your 
machine. What you get back is a payment confirmation number which you can 
store in your system to record that payment was approved...and if you don't 
get one, you know immediately it's been disallowed so you can stop the 
process at that point.


The issues against it are:
1. It's not completely secure. You don't have direct control of the server 
and therefore can't assure yourself that the system is locked down tight and 
kept updated.
2. Your db may not be secure enough
3. Your code may allow for holes that allow hackers to gain access to the 
data.
4. The liability for your business, should your data become compromised. 
Don't say it can't happen. Ask Playboy.com. Hackers accessed 8 million accounts 
and had all the details.


If you can't use a 3rd party processor, then you still shouldn't store the 
data on the server, but send an encrypted email (using pgp) to yourself with 
the account / order  details for processing. But I strongly recommend using 
a 3rd party processor.


Bastien


From: I. Gray [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] Security and MYSQL databases
Date: Tue, 14 Jun 2005 14:36:50 +0100

Hello.

Simple question. An SSL server and a standard a shared MYSQL server that I 
have with my hosts.  If I am to set up a shopping cart system, is this a 
secure way of handling credit card details.  What is the best way of 
receiving the details? I assume an email is not a good way as these can be 
intercepted. Is MYSQL secure enough in this way?


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
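
Added example, not part of any message in this thread: the flow described in the reply above (charge through the processor first, keep only the confirmation number, stop when none comes back), sketched in PHP. `gateway_charge`, the `payments` table and the sample card numbers are hypothetical, and in-memory SQLite stands in for MySQL.

```php
<?php
declare(strict_types=1);

// Stand-in for a third-party processor call (hypothetical; a real gateway has
// its own API). Returns a confirmation number on approval, null on decline.
function gateway_charge(string $cardNumber, string $expiry, int $amountCents): ?string
{
    // Constructed rule for this demo: card numbers ending in 0000 are declined.
    if (substr($cardNumber, -4) === '0000') {
        return null;
    }
    return 'CONF-' . bin2hex(random_bytes(6));
}

// Charge first, then record only what is needed to show the payment happened.
// The card number and expiry live in local variables and are never persisted.
function checkout(PDO $db, int $orderId, int $amountCents, string $cardNumber, string $expiry): bool
{
    $confirmation = gateway_charge($cardNumber, $expiry, $amountCents);
    if ($confirmation === null) {
        return false; // no confirmation number: stop here, write nothing
    }
    $stmt = $db->prepare(
        'INSERT INTO payments (order_id, amount_cents, confirmation) VALUES (?, ?, ?)'
    );
    $stmt->execute([$orderId, $amountCents, $confirmation]);
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The schema has no column that could hold a card number, expiry or security code.
$db->exec('CREATE TABLE payments (
    order_id INTEGER PRIMARY KEY,
    amount_cents INTEGER NOT NULL,
    confirmation TEXT NOT NULL
)');

// Constructed sample card numbers, not real accounts.
var_dump(checkout($db, 1001, 2599, '4111111111111111', '12/30')); // card the stand-in approves
var_dump(checkout($db, 1002, 4900, '4111111111110000', '12/30')); // card the stand-in declines

// Dump what was stored, to compare against the two attempts.
foreach ($db->query('SELECT * FROM payments', PDO::FETCH_ASSOC) as $row) {
    echo json_encode($row), PHP_EOL;
}
```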






Re: [PHP-DB] Security and MYSQL databases

2005-06-14 Thread I. Gray

Thanks,

I kind of suspected this, but it's good to be told.  I wouldn't like to 
think my CC details were held on some database somewhere where 
it can get hacked into.  Apart from PayPal are there any other 3rd party 
payment processors that anyone recommends?  I think we're perhaps going 
a little off topic here, so sorry.


Bastien Koert wrote:
You should never [almost never ever] store cc details from your users. 
Integrate a 3rd party payment processor into your site and process the 
payments immediately. It will cut down on fraud and chargebacks by the 
users. It's also more secure since the cc details are not stored on your 
machine. What you get back is a payment confirmation number which you 
can store in your system to record that payment was approved...and if you 
don't get one, you know immediately it's been disallowed so you can stop 
the process at that point.


The issues against it are:
1. It's not completely secure. You don't have direct control of the 
server and therefore can't assure yourself that the system is locked 
down tight and kept updated.
2. Your db may not be secure enough
3. Your code may allow for holes that allow hackers to gain access to 
the data.
4. The liability for your business, should your data become compromised. 
Don't say it can't happen. Ask Playboy.com. Hackers accessed 8 million 
accounts and had all the details.


If you can't use a 3rd party processor, then you still shouldn't store 
the data on the server, but send an encrypted email (using pgp) to 
yourself with the account / order  details for processing. But I 
strongly recommend using a 3rd party processor.


Bastien


From: I. Gray [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] Security and MYSQL databases
Date: Tue, 14 Jun 2005 14:36:50 +0100

Hello.

Simple question. An SSL server and a standard a shared MYSQL server 
that I have with my hosts.  If I am to set up a shopping cart system, 
is this a secure way of handling credit card details.  What is the 
best way of receiving the details? I assume an email is not a good way 
as these can be intercepted. Is MYSQL secure enough in this way?


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


