MiniVend Akopia Services


Re: [mv] turn off cc security



Quoting Mr. Christopher F. Miller (cfm@maine.com):
> Ok, I'll bite.  <SUIT ON>
> 
> One of the **functions** of a credit card is to guarantee commerce
> between unknown and untrusted parties.  It is the job of the merchant
> bank to validate and stand behind its merchants.  If you buy something
> with a card, the bank and cc company are doing their part to vouch
> for the various parties.  Has anyone ever bought anything with a card
> and NOT with cash or check specifically to take advantage of that
> guarantee, so they could return it if unsatisfactory?  The card 
> itself IS the security.  Talk to some bankers about it. That's 
> why they do their due diligence (or should) when issuing cards 
> and merchant accounts.

(Bear in mind that the following is not targeted at an individual.)

Ah, but yes, you are doing that if you send it by email. All it
takes is one day of bounces.

If I were to buy from a local merchant and discover that they were in
the normal course of events passing the credit card slip from business
to business, wide open to inspection, along with my name and address,
then I would lodge a complaint with the credit card company -- and fully
expect that the CC company would come down on the bank and merchant like
a ton of bricks. Which they would; I have seen it happen. If they don't
cancel your account, you lose any favorable rates you might have had.

> 
> I am NOT saying to store the cc numbers in a 777 file in web space
> and, yes, I have seen that.

Even more important is not keeping the numbers on disk where they are
vulnerable to a wholesale hack. Many systems are public space where
it is trivial for users to view files.

> 
> OTOH, I don't hear much noise about hiding what someone buys with the card.
> Why not?  That is, IMCO, often **far** more sensitive than the card
> numbers themselves.  Suppose a merchant prints out an order from his
> local politician for guns, sex toys, or evil books complete with
> cc number and plain ascii order and ship to address and throws it
> in the dumpster where it is found by <fill in your worst nightmare>.
> Of course, that goes for any transmission, whether or not there is
> a purchase involved.

MiniVend allows encryption of that stuff too, at least when sent
via email. A lot of users do just that. It wouldn't even be that
difficult to encrypt your UserDB, but a one-port database server
makes more sense there.

If you are a politician and buying things like that from unknown
parties over the Internet, you are too stupid to be in office.
Not that that stops a few of them.... 8-)

That sort of stuff is unlikely to be a problem anyway. The chance
of finding someone vulnerable to that sort of pressure is very
remote. And is not something your average criminal is interested in. They
want cash.

> 
> Data security is an end-to-end thing, from order through shipment and on
> into vendor record keeping.  It's not just the card, but every bit of
> data you collect or generate.  Keep it in perspective!
>

The bottom line is that if the credit card number is sent via
the unreliable means of email, en clair, with the possibility of
unknown parties reading it in the not-unlikely event of a typo, system
misconfiguration, or routing problem, that is not taking reasonable care
of the information.  Unremedied I believe it is grounds for cancellation
of your merchant account and your SSL certificate. It is also very
bad business.

If you are providing ecommerce services and do something like that on
a wholesale basis, it is grounds for a lawsuit the moment your system
gets hacked and you lose thousands of credit card numbers. People who
steal info can't do much with lists of purchases; they can make hay
with thousands of credit card steals that will pass AVS and other
fraud-protection checks.

Don't tell me that it is the same as the waitress kiting copies of
credit-card receipts; that stuff is localized and stopped pretty quickly
these days in most cases. More importantly, there is no AVS-defeating
information there, so those numbers are only vulnerable to a high-class
card-duplication operation.

I am not saying that the credit card companies will sue you, for they
won't. They don't want the publicity. Your clients might sue when they
lose their favored-status merchant account and their reputation.  2%
of a million dollars is $20,000, after all. Multiply from there and add
lawyer bills.

Sending en clair multiplies your chances of a problem; it makes you
vulnerable at any hop between. Don't tell me that networks don't get
hacked, for I have picked up the pieces of too many that have been.

Now I am not saying Minivend is ultra-secure; obviously the number is
unencrypted in memory and vulnerable to a wizard hacker that has root
access to a system -- even if they don't hack MiniVend to mail them
the number. But pulling something like that off undetected is orders of
magnitude more difficult than hacking a /etc/aliases file.

If you are reading mail on a Microsoft OS it becomes dicier still.
The email clients on that platform are legendary for their security
weaknesses. Encryption of the order obviates that problem.

That is my view of things; your mileage may differ. But I believe that
the nature of ecommerce dictates that we be stringent and vigilant
in our safeguarding of customer information.

And I still suggest that we don't discuss how to send the info
unencrypted. If you (and of course not you specifically) don't have
the technical expertise to figure it out for yourself, then you surely
don't have the expertise to safeguard the unencrypted information via
operating system means. Still in all, I can't stop anyone from screwing
the pooch if they want to. I just don't have to be party to it.

-- 
Mike Heins                          http://www.minivend.com/  ___ 
                                    Internet Robotics        |_ _|____
If you think nobody cares if        131 Willow Lane, Floor 2  | ||  _ \
you're alive, try missing a couple  Oxford, OH  45056         | || |_) |
of car payments.                    <mikeh@minivend.com>     |___|  _ <
 -- Earl Wilson                     513.523.7621 FAX 7501        |_| \_\

