[ic] Credit Card numbers Stored Encrypted in SQL Database - No Answer Yet

Russ Mann tech@khouse.org
Wed, 25 Apr 2001 14:15:45 -0600

So, correct me if I'm wrong, but because of the RH takeover, IC looses
functionality?  There is ZERO risk involved with storing CC#'s on disk if
they're ENCRYPTED, Which is precisely what I'm trying to do.  It worked just
fine in MV....

-----Original Message-----
From: interchange-users-admin@lists.akopia.com
[mailto:interchange-users-admin@lists.akopia.com]On Behalf Of Webb,
Sent: Wednesday, April 25, 2001 2:00 PM
To: 'interchange-users@lists.akopia.com'
Subject: RE: [ic] Credit Card numbers Stored Encrypted in SQL Database -
No Answer Yet

Hi Dan-

That's true. But then, there is no cost to my customers if they decide to
switch to a competitor.

I understand that there are security issues with storing CC#s in the DB, but
there is no evidence to indicate that consumers will pick a safer site over
one that offers a more convenient buying experience.

If customers know that they do not need to re-enter any info the next time
they come back to your site, that represents a huge competitive advantage
for the merchant.

I'm not sure, but I would bet that most e-commerce packages will offer
"one-click" functionality out-of-the-box within the next year or so (I think
Yahoo! Store may already offer it). That means that to stay competitive,
merchants will need to offer it in their stores.

It's not clear to me why RedHat would care what merchants are storing - I
would bet that there's some type of disclaimer in the IC license that limits
their liability...

Malcolm Webb
Product Manager

voice: 650-623-2296
fax: 650-564-9780
email: malcolmw@upshot.com
web: http://www.upshot.com