Posted by trlists on 02/08/05 16:16

On 8 Feb 2005 Jochem Maas wrote:

> This was aimed at me. I personally wouldn't touch a CCN with a barge pole,
> I did say it was 'best' not to accept them at all, although accepting them and
> immediately passing them on via an SSL link (e.g. with cURL) is probably
> 'good enough' - at least, apparently, 10,000s of merchant seem to think so.

That was my point. Also you personally might not want to deal with
them -- but would you always advise a client who hired you to develop a
web site the same way? Or would it depend on their needs and concerns
and the functions of the site?

> >> cat /dev/mem | strings | egrep "^[0-9]+$"
>
> nice bit of magic tho, Greg :-)

I agree, but to me the issue here is these two views:

- "I have analyzed the need to accept credit cards and the risks
of doing so. The risks are too great compared to the value so I
will not accept credit card numbers on my site".

- "I can imagine a way someone could gain access to them so I will
not accept credit card numbers on my site."

The latter is being confused with the former. The latter, to me, is
not a good reaosn. The former is.

--
Tom

[Back to original message]