[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

Re: [ic] Credit Card Info

To: interchange-users@interchange.redhat.com
Subject: Re: [ic] Credit Card Info
From: interch <interch@hangman.sea.paymentonline.com>
Date: Sun, 4 Nov 2001 13:27:47 -0800 (PST)
In-Reply-To: <20011104155342.A9957@maine.com>

> 
> Quite in accord with the hysteria of the times, that is going too far. 
> There are plenty of scenarios where this would be fine.  Nor is 
> "too cheap to use an online payment gateway" meaningful one way 
> or the other.  One needs to know the network architecture.  What Mike
> and others pointed out was "if you have to ask, you're not ready".
> 
> Anyone who thinks they are providing security simply because they
> use an online payment gateway or SSL or because they encrypt has rocks in
> their head.  The solution is just not that simple.  
> 
> It may well be a violation of some credit card company policies.  There
> are typically a LOT more to those policies, too much in fact, so that 
> they are generally unenforced.  Maybe they are used after the fact: "See
> you didn't do what you were supposed to."  That is a shame.
> 
> Of course, the NEXT Passport mishap will illustrate this.  :-)
> 
> cfm

Actually the card associations are now requiring certain levels of
security for anyone accepting online credit card payments.  It is posted
on their websites and they are starting to enforce it and not just use it
after the fact like they have done so much in the past.  I wasn't trying
to imply that using encryption means you are secure.  I only meant that
specifically sending unencrypted cards via email was insane.  In fact, at
times encrypting stored data isn't even practical, which is why other
layers of security are used instead.  It would probably scare most people
to know that the banks do not usually store cards encrypted..  But you are
right it is the whole architecture that counts, too many people focus just
on encryption, which is wrong headed.

Chris





> 
> -- 
> 
> Christopher F. Miller, Publisher                               cfm@maine.com
> MaineStreet Communications, Inc           208 Portland Road, Gray, ME  04039
> 1.207.657.5078                                         http://www.maine.com/
> Content/site management, online commerce, internet integration, Debian linux
> _______________________________________________
> interchange-users mailing list
> interchange-users@interchange.redhat.com
> http://interchange.redhat.com/mailman/listinfo/interchange-users
> 

_______________________________________________
interchange-users mailing list
interchange-users@interchange.redhat.com
http://interchange.redhat.com/mailman/listinfo/interchange-users

References:
- Re: [ic] Credit Card Info
  - From: cfm@maine.com

Prev by Date: RE: [ic] Credit Card Info
Next by Date: RE: [ic] Credit Card Info
Prev by thread: Re: [ic] Credit Card Info
Next by thread: Re: [ic] Credit Card Info
Index(es):
- Date
- Thread