|
Posted by Jason Barnett on 09/26/77 11:07
Brian Dunning wrote:
>> It's FAR less dangerous to implement
>> what you are suggesting than it is to simply pay for your dinner with a
>> credit card.
>
>
> I agree with this. There is way too much paranoia about credit cards
> online. 99% of stolen credit card numbers are acquired by phishing and
It depends on the exact situation, but a lot of times the vendors that
process a fraudulent credit card purchase end up eating that loss. At
that point their only recourse is to go after the person that
perpetrated the fraud. In the case of phishing it is whomever harvested
the cc#. However, in the case of getting cc#'s from your website it is
both the person that cracked your site *as well as you*.
> the other 1% by uncrumpling receipts out of a wastebasket. There's no
> longer any reason to go to the trouble of trying to crack encryption.
> Remember the knight who went into battle wearing armor only on his legs?
I suppose that if you want to disregard the risk as minimal, well,
that's your business. However, even if you believe that the risk of
someone stealing your customer's credit card numbers from your server is
minimal you still *must* consider the potential cost of being
compromised. My financial colleagues would state this as:
expected cost = probability * (drop in future sales revenue + attorney
litigation fees + damages awarded in lawsuit)
Perhaps it's not clear, but litigation might include lawsuits from the
credit card company... or the hundreds of *other* companies that get
screwed by the fraudulent credit card purchases. Even if you manage to
win all of those lawsuits, the litigation fees alone are likely enough
to bankrupt you.
So even if you only think the probability of being compromised is 1 /
1000... do the math... is it really worth it for you to do this?
--
Teach a man to fish...
NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://www.php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins
Navigation:
[Reply to this message]
|