[thelist] More E-Commerce Questions (Liability, Encryption)

Beau Hartshorne beau at pair.com
Mon Jun 25 11:59:08 CDT 2001


If I develop an e-commerce site that gets compromised in some way, and some
hacker manages to snatch up a bunch of CC#'s, who's liable? Is it the
merchant, the host or the programmer? Can the merchant or host successfully
sue the programmer if I do not develop the site properly? Can a contract
offer protection against this?

I've decided that the best way to accept credit cards that are to be
manually processed is to encrypt the credit card information and either
e-mail it (via PGP or GnuPG email) or store it (via a PHP encryption
library) into the database.

I'll probably just design the shopping cart on my own, and use PayPal to
process the payment. I've read too many headlines that read "Russian hacker
steals database full of credit card numbers" to walk blindly into this.
Thanks for everyone's help.

Beau




