[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] turn off cc security

To: minivend-users@minivend.com
Subject: Re: [mv] turn off cc security
From: "Mr. Christopher F. Miller" <cfm@maine.com>
Date: Wed, 10 Nov 1999 09:19:05 -0500
In-Reply-To: <19991110020828.A10423@bill.minivend.com>; from mike@minivend.com on Wed, Nov 10, 1999 at 02:08:28AM -0500
References: <4.2.2.19991109181253.00a36c30@10.10.30.66 <3829149B.244AAF9F@madmardy.com> <19991110020828.A10423@bill.minivend.com>
User-Agent: Mutt/1.0i

On Wed, Nov 10, 1999 at 02:08:28AM -0500, mike@minivend.com wrote:
> ******    message to minivend-users from mike@minivend.com     ******
> 
> Quoting Mark Holt (madmardy@madmardy.com):
> > 
> > Thank you so much for your help.  I'm so glad to know it's dangerous.
> > 
> 
> It is, and I suggest that no one help with your questions. I do not want
> MiniVend used to jeopardize information entrusted by the public. I have
> spent man-months working to make sure Minivend has the proper support to
> do this stuff right.
> 
> If you don't want to use CyberCash or PGP, I suggest you either abandon
> credit card user or check out one of the other shopping carts out
> there. If you do decide to make the right choice, welcome.

Ok, I'll bite.  <SUIT ON>

One of the **functions** of a credit card is to guarantee commerce
between unknown and untrusted parties.  It is the job of the merchant
bank to validate and stand behind its merchants.  If you buy something
with a card, the bank and cc company are doing their part to vouch
for the various parties.  Has anyone ever bought anything with a card
and NOT with cash or check specifically to take advantage of that
guarantee, so they could return it if unsatisfactory?  The card 
itself IS the security.  Talk to some bankers about it.  That's 
why they do their due diligence (or should) when issuing cards 
and merchant accounts.

I am NOT saying to store the cc numbers in a 777 file in web space
and, yes, I have seen that.

OTOH, I don't hear much noise about hiding what someone buys with the card.
Why not?  That is, IMCO, often **far** more sensitive than the card
numbers themselves.  Suppose a merchant prints out an order from his
local politician for guns, sex toys, or evil books complete with
cc number and plain ascii order and ship to address and throws it
in the dumpster where it is found by <fill in your worst nightmare>.
Of course, that goes for any transmission, whether or not there is
a purchase involved.

Data security is an end-to-end thing, from order through shipment and on
into vendor record keeping.  It's not just the card, but every bit of
data you collect or generate.  Keep it in perspective!

cfm

-- 

Christopher F. Miller, Publisher                             cfm@maine.com
MaineStreet Communications, Inc         208 Portland Road, Gray, ME  04039
1.207.657.5078                                       http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.

Follow-Ups:
- Re: [mv] turn off cc security
  - From: mike@minivend.com
- Re: [mv] turn off cc security - ? on enc. file storage
  - From: Loy Ellen Gross <design@iinc.com>

References:
- Re: [mv] turn off cc security
  - From: Mark Holt <madmardy@madmardy.com>
- Re: [mv] turn off cc security
  - From: mike@minivend.com

Prev by Date: Re: [mv] Multiple Order Counters
Next by Date: Minivend Install Problem
Prev by thread: Re: [mv] turn off cc security
Next by thread: Re: [mv] turn off cc security - ? on enc. file storage
Index(es):
- Date
- Thread