[ic] Credit Card Info

Robert Trembath interchange-users@interchange.redhat.com
Sun Nov 4 13:42:01 2001 

Work around for CC info
------------------------------

In the directory /usr/lib/interchange/lib/Vend or wherever your IC
install is in the /lib/Vend directory there is a file called Order.pm.

Note: I don't recommend you do this unless you are an experienced IC
developer and have an understanding of IC structure.

Do a find and replace in your favorite editor for the following in the
following section only:
Section: sub route_order (2 places)
Find:
ENCRYPTION NEEDED
Replace with:
$::Values->{mv_credit_card_info}

This will print the full credit card number and info on the mail to
store owner.
There maybe one other line that needs to be fixed that was sent to me by
another developer. I will post it Monday when I'm in the office.

Restart IC after these changes to enable it. Make sure you backup this
file in case you have a problem with the mod.

Robert Trembath
Senior IT Director
e| robert@ishoptech.com


-----Original Message-----
From: interchange-users-admin@interchange.redhat.com
[mailto:interchange-users-admin@interchange.redhat.com] On Behalf Of
BWP-BookCenter
Sent: Sunday, November 04, 2001 10:00 AM
To: interchange-users@interchange.redhat.com
Subject: RE: [ic] Credit Card Info

Robert,

Please do. For many "small" store owners the ISP does not always install
the
PGP correctly, so this will help them.

Thanks

Anton

-----Original Message-----
From: interchange-users-admin@interchange.redhat.com
[mailto:interchange-users-admin@interchange.redhat.com]On Behalf Of
Robert Trembath
Sent: Sunday, November 04, 2001 10:44 AM
To: interchange-users@interchange.redhat.com
Subject: RE: [ic] Credit Card Info


I have a mod that will print it on the email to the shop owner in 4.8.x
without messing with encryption if anyone is interested. I've been
meaning to post it anyway. Let me know and I'll post it.

Robert Trembath
Senior IT Director
e| robert@ishoptech.com


-----Original Message-----
From: interchange-users-admin@interchange.redhat.com
[mailto:interchange-users-admin@interchange.redhat.com] On Behalf Of
Bernino Lind
Sent: Sunday, November 04, 2001 1:02 AM
To: interchange-users@interchange.redhat.com
Subject: RE: [ic] Credit Card Info

Just an example:

In Denmark there was a shop which did exactly that. One day some persons
stole the mail archive with all the card #'s and began doing nice things
with various online stores.

The bank, in this case the shops bank, has the legal responsibility in
Denmark (I dont know the law else where) so they had to pay the
transfers of
money which could not be stopped. Then the bank filed a case against the
shop for improper storage of card #'s.

So you should make sure that all such mails are encrypted at the least -
but
preferably completely nuke the card #'s as soon as you have gotten your
money (and hey! Isnt that what its all about ???)!

--
med venlig hilsen / Best Regards
Bernino Lind +45 7021 0050
catpipe Systems ApS - www.catpipe.net
Best done FreeBSD solutions

-----Original Message-----
From: interchange-users-admin@interchange.redhat.com
[mailto:interchange-users-admin@interchange.redhat.com]On Behalf Of Jim
Balcom
Sent: 3. november 2001 23:59
To: interchange-users@interchange.redhat.com
Subject: Re: [ic] Credit Card Info


On Sat, 3 Nov 2001, Yahoo wrote:

Y>>This may be very novice question, but we are not a high volume
operation,
we
Y>>really do not need a processing entity at the moment, so I was asked
to
have
Y>>daily reports with clients orders including card #s, I have come to
discover
Y>>that the card # is a variable not a field ( I think ), anybody ever
done
Y>>this before could enlighten us,

I suggest that you educate the people that are asking you to do this to
the
high risks of allowing credit card numbers to become visible to people
that
don't have a need for access to them in order to process the order.

Perhaps you are a small shop like mine, in which case it's no problem.
Scotty and I process orders interchangeably, and so we both have full
access
to all of the computers, card #,s etc.

But, once you get much bigger than that, you end up having these number
floating around, either on computers, or on paper, where people can
access
them have no need to, or worse yet, where someone can hack into the
computer
and capture them.

-= Jim =-

----------------------------------------------------------------
Jim's Linux-Operated Underground Bomb Shelter

Tagline for Saturday, November 03, 2001 at 17:50 PM:
I tried being reasonable once. I didn't like it.

----------------------------------------------------------------
This Linux System has been up 200 hours

My web page: http://www.idk-enterprises.com
----------------------------------------------------------------

_______________________________________________
interchange-users mailing list
interchange-users@interchange.redhat.com
http://interchange.redhat.com/mailman/listinfo/interchange-users

_______________________________________________
interchange-users mailing list
interchange-users@interchange.redhat.com
http://interchange.redhat.com/mailman/listinfo/interchange-users


_______________________________________________
interchange-users mailing list
interchange-users@interchange.redhat.com
http://interchange.redhat.com/mailman/listinfo/interchange-users


_______________________________________________
interchange-users mailing list
interchange-users@interchange.redhat.com
http://interchange.redhat.com/mailman/listinfo/interchange-users