|
|
Posted by Jochem Maas on 02/08/05 17:06
trlists@clayst.com wrote:
> On 8 Feb 2005 Jochem Maas wrote:
>
>
>>This was aimed at me. I personally wouldn't touch a CCN with a barge pole,
>>I did say it was 'best' not to accept them at all, although accepting them and
>>immediately passing them on via an SSL link (e.g. with cURL) is probably
>>'good enough' - at least, apparently, 10,000s of merchant seem to think so.
>
>
> That was my point. Also you personally might not want to deal with
> them -- but would you always advise a client who hired you to develop a
> web site the same way? Or would it depend on their needs and concerns
> and the functions of the site?
I refuse to touch CCNs purely because I can't afford that kind of liability,
unless the client signs a complete waiver (funnily enough they don't like
to do that)
>
>
>>>>cat /dev/mem | strings | egrep "^[0-9]+$"
>>
>>nice bit of magic tho, Greg :-)
>
>
> I agree, but to me the issue here is these two views:
>
> - "I have analyzed the need to accept credit cards and the risks
> of doing so. The risks are too great compared to the value so I
> will not accept credit card numbers on my site".
>
> - "I can imagine a way someone could gain access to them so I will
> not accept credit card numbers on my site."
>
> The latter is being confused with the former. The latter, to me, is
> not a good reaosn. The former is.
don't agree - I'd rather be cautious on a hunch, especially given that I
have no means to personally verify the risk other than in terms of total
financial ruin if a real problem occurs even once. besides its a moot point
there is no need to handle creditcard info in 99.99999999999% of all cases
(the rest being covered by amazons,paypals,etc)
This may only be a php mailing list but there are still alot of pretty clever
people here and they are all shouting 'run away from the CCNs' - I doubt
they are trying to trick you out of business. besides checkout any
crypto mailing list or serious security sites and the premise is confirmed.
but hey if you have to handle them be prepared I guess. and don't store them
anywhere but RAM. and them get rid of them asap...
then again there are +-2billion people with limited/no access to running water...
maybe we shouldn't blow the CCN thing out of proportion :-/
>
> --
> Tom
>
[Back to original message]
|