[ic] Credit Card numbers Stored Encrypted in SQL Database - N o Answer Yet

Webb, Malcolm malcolmw@upshot.com
Thu, 26 Apr 2001 08:03:56 -0700


Hi Robert-

I agree. What you're saying is true - there is a risk that a merchant could
get hacked. 

All I'm saying, though, is that the merchant should be able to decide what
level of risk he/she is willing to assume.

To stay competitive, it may be necessary for merchants to take on some risk.
And consumers appear to be okay with the idea of a trusted merchant keeping
their CC# data - how many people do you know that avoid shopping at
Amazon.com because they store the CC#?

-----Original Message-----
From: Robert Brandtjen
To: interchange-users@lists.akopia.com
Sent: 4/25/2001 10:17 PM
Subject: Re: [ic] Credit Card numbers Stored Encrypted in SQL Database - N o
Answer Yet

on 4/25/01 3:00 PM, Webb, Malcolm at malcolmw@upshot.com wrote:

> 
> I understand that there are security issues with storing CC#s in the
DB, but
> there is no evidence to indicate that consumers will pick a safer site
over
> one that offers a more convenient buying experience.
> 

Hmm, ask egghead about that one, I have LOTS of friends who got their
cards
ripped by them storing them on their server, and, as if that wasn't
enough,
whatever they were using as an ecommerce tool, all you had to do was
open
the source up in navigator , edit the pricing and then reload it and hit
the
send button - voila! a new computer for 20.00 instead of 2000.00

>From a practical standpoint, you could be held liable for the monetary
damages, you also become more of a hacker's target if they know you are
storing them. 

 Robert Brandtjen
 --------------------------------------
 Web Site Creation and Hosting Services
 Hostmaster@prometheusmedia.com
 www.prometheusmedia.com


_______________________________________________
Interchange-users mailing list
Interchange-users@lists.akopia.com
http://lists.akopia.com/mailman/listinfo/interchange-users