Re: [mv] turn off cc security - ? on enc. file storage
On Wed, 10 Nov 1999, Mr. Christopher F. Miller wrote:
>****** message to minivend-users from "Mr. Christopher F. Miller" <cfm@maine.com> ******
>
>On Wed, Nov 10, 1999 at 02:08:28AM -0500, mike@minivend.com wrote:
>> ****** message to minivend-users from mike@minivend.com ******
>>
>> It is, and I suggest that no one help with your questions. I do not want
>> MiniVend used to jeopardize information entrusted by the public. I have
>> spent man-months working to make sure Minivend has the proper support to
>> do this stuff right.
>>
>One of the **functions** of a credit card is to guarantee commerce
>between unknown and untrusted parties. It is the job of the merchant
>bank to validate and stand behind its merchants. If you buy something
>with a card, the bank and cc company are doing their part to vouch
>for the various parties.

That's right, and in my state, the banks are liable for the
amount of any card fraud over $50 - *not the card owner*.
Ergo, my bank has an interest in making sure *I* protect card
numbers from fraud. I don't know about your bank, but if I send
card numbers in the clear without encryption or cybercash,
I get my merchant account yanked, PDQ. I doubt that's the effect
you want.

>Has anyone ever bought anything with a card
>and NOT with cash or check specifically to take advantage of that
>guarantee, so they could return it if unsatisfactory? The card
>itself IS the security. Talk to some bankers about it. That's
>why they do their due diligence (or should) when issuing cards
>and merchant accounts.

You make my point. Their diligence extends to my methods in
the fashion of allowing or not allowing me to keep a merchant
account with them. While most banks aren't so sophisticated yet
as to ask, I'll bet the first problem caused by clear
transmission causes them to drop you like a vat full of spiders.

>I am NOT saying to store the cc numbers in a 777 file in web space
>and, yes, I have seen that.

Ouch, for criminy's sake (question about this follows)

>OTOH, I don't hear much noise about hiding what someone buys with the card.
>Why not? That is, IMCO, often **far** more sensitive than the card
>numbers themselves. Suppose a merchant prints out an order from his
>local politician for guns, sex toys, or evil books complete with
>cc number and plain ascii order and ship to address and throws it
>in the dumpster where it is found by <fill in your worst nightmare>.

Excellent point. When PGP is used to transmit card numbers,
it really should be used to transmit the entire order. What
the hey - you're already using PGP anyway - encrypt the whole
thing.

OTOH, most of the credit card companies keep records of what you
purchase (or at least what stores you purchase from) and make
these available (for a fee) to marketing agencies. That's why
you buy some baby clothes for the first time and immediately get
inundated with baby and child-care catalogs and offers. (I'm
expecting and dealing with this now - I could build a paper
mache DUMPTRUCK with the amount of marketing crap I've been mailed)

Anyway, for an online store to go through the trouble of PGP
*just for order info* is a little silly. All my catalogs do
go into secure mode earlier than necessary - to protect the
fact that a sale is occurring as well as the cc number, but the
customer should protect his or her own end by protecting printed
receipts and removing cookies.

>Data security is an end-to-end thing, from order through shipment and on
>into vendor record keeping. It's not just the card, but every bit of
>data you collect or generate. Keep it in perspective!

Yup, that's why we keep nothing on our server to be quantified,
not even tracking beyond a few days. It's the catalog owner's job
to collect and quantify customers, orders, etc. on their own office
computers. Then, security of information is their problem :-)

Now, question: if you /were/ going to save order information in an
encrypted file on your server but outside the web space - any suggestions
for a place that is inaccessible by nouser so it could not be hacked?
FYI, we use Apache with Stronghold. One of the problems I have with
storing even tracking info is the fact that nouser could read it, so
there might be a user on our machine (or who gets access to our machine
via a poorly written CGI script) who could poke around and find that
file. Comments? Criticisms? Suggestions? Complete implementations with
your own experience? :-)

-- Loy
--
Loy Ellen Gross * Web Designer & Programmer * Xcalibur Internet
Voice: 716-344-1114 * design@iinc.com * http://www.iinc.com
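
Added example (not part of the original message, and not MiniVend code): the closing question turns on whether the web server account can read a stored order file, which can be checked from file metadata. The function names, the uid/gid parameters and the `top` cut-off are assumptions made for this sketch; it judges by classic Unix mode bits only.

```python
import os


def _triplet(st, uid, gids):
    """rwx bits (0-7) that apply to uid/gids under classic Unix mode rules."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def web_user_exposure(path, docroot, web_uid, web_gids, top="/"):
    """List the ways the web server account can get at an order file.

    Hypothetical helper: looks at mode bits only (no ACLs, no root
    override). Directories above `top` are assumed to be traversable.
    """
    findings = []
    # Resolve symlinks first so a link out of (or into) the web space
    # is judged by where the file really lives.
    real, root = os.path.realpath(path), os.path.realpath(docroot)
    if os.path.commonpath([real, root]) == root:
        findings.append("inside web space")

    # Without search (x) permission on every ancestor directory the
    # account cannot open the file, whatever the file's own mode is.
    top = os.path.realpath(top)
    d = os.path.dirname(real)
    while True:
        if not _triplet(os.stat(d), web_uid, web_gids) & 1:
            return findings
        if d == top or os.path.dirname(d) == d:
            break
        d = os.path.dirname(d)

    # The read bit on the file itself decides the rest.
    if _triplet(os.stat(real), web_uid, web_gids) & 4:
        findings.append("readable by web account")
    return findings
```

An empty list means the account cannot read the file by mode bits alone; it says nothing about processes running as root or as the file's owner.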