|
|
Posted by Richard Lynch on 02/08/05 20:48
daniel@electroteque.org wrote:
> No the most secure way, but I had a client who was determined not to use
> paypal and store cc'sand do them offline. I am using SSL + Mysql encode to
> do this. Ie
> encode(cc_number,md5('secret'))
This is rife with potential problems...
Stored *where* off-line?
Who can get to the storage area?
Who has access to the "secret decoder ring"? :-)
How easily could that be copied/duplicated/reversed?
Maybe this all occurs in a locked bank vault, with armed guards outside.
Maybe it's just the back office of some grocery store, where any stock-boy
could waltz in on break and snarf himself a bunch of CC#s.
Most likely, it's somewhere between those two.
Alas, it's probably a lot closer to the grocery office than the bank
vault, and that's awfully risky to your client and their customers, and,
ultimately, yourself.
If he's got an off-line point-of-sale merchant account, he can probably
add an on-line up-sell through his merchant account vendor for "not much"
money, and you can do this without storing CC#s and without PayPal.
Plus, instead of having to spend time running the stuff through his
point-of-sale swiper, he'll just have the same reports/processing he is
already using, only the on-line stuff will just show up automatically.
Sell it to him this way: His TIME has to be worth more than the cost of
the on-line merchant account extra fees.
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|