|
|
Posted by trlists on 02/08/05 16:16
On 8 Feb 2005 Jochem Maas wrote:
> This was aimed at me. I personally wouldn't touch a CCN with a barge pole,
> I did say it was 'best' not to accept them at all, although accepting them and
> immediately passing them on via an SSL link (e.g. with cURL) is probably
> 'good enough' - at least, apparently, 10,000s of merchant seem to think so.
That was my point. Also you personally might not want to deal with
them -- but would you always advise a client who hired you to develop a
web site the same way? Or would it depend on their needs and concerns
and the functions of the site?
> >> cat /dev/mem | strings | egrep "^[0-9]+$"
>
> nice bit of magic tho, Greg :-)
I agree, but to me the issue here is these two views:
- "I have analyzed the need to accept credit cards and the risks
of doing so. The risks are too great compared to the value so I
will not accept credit card numbers on my site".
- "I can imagine a way someone could gain access to them so I will
not accept credit card numbers on my site."
The latter is being confused with the former. The latter, to me, is
not a good reaosn. The former is.
--
Tom
Navigation:
[Reply to this message]
|