[ic] Credit Card Info

interch interchange-users@interchange.redhat.com
Sun Nov 4 16:32:01 2001


> 
> Quite in accord with the hysteria of the times, that is going too far. 
> There are plenty of scenarios where this would be fine.  Nor is 
> "too cheap to use an online payment gateway" meaningful one way 
> or the other.  One needs to know the network architecture.  What Mike
> and others pointed out was "if you have to ask, you're not ready".
> 
> Anyone who thinks they are providing security simply because they
> use an online payment gateway or SSL or because they encrypt has rocks in
> their head.  The solution is just not that simple.  
> 
> It may well be a violation of some credit card company policies.  There
> are typically a LOT more to those policies, too much in fact, so that 
> they are generally unenforced.  Maybe they are used after the fact: "See
> you didn't do what you were supposed to."  That is a shame.
> 
> Of course, the NEXT Passport mishap will illustrate this.  :-)
> 
> cfm

Actually the card associations are now requiring certain levels of
security for anyone accepting online credit card payments.  It is posted
on their websites and they are starting to enforce it and not just use it
after the fact like they have done so much in the past.  I wasn't trying
to imply that using encryption means you are secure.  I only meant that
specifically sending unencrypted cards via email was insane.  In fact, at
times encrypting stored data isn't even practical, which is why other
layers of security are used instead.  It would probably scare most people
to know that the banks do not usually store cards encrypted..  But you are
right it is the whole architecture that counts, too many people focus just
on encryption, which is wrong headed.

Chris





> 
> -- 
> 
> Christopher F. Miller, Publisher                               cfm@maine.com
> MaineStreet Communications, Inc           208 Portland Road, Gray, ME  04039
> 1.207.657.5078                                         http://www.maine.com/
> Content/site management, online commerce, internet integration, Debian linux
> _______________________________________________
> interchange-users mailing list
> interchange-users@interchange.redhat.com
> http://interchange.redhat.com/mailman/listinfo/interchange-users
>