[thelist] More E-Commerce Questions (Liability, Encryption)
phil crawford
crawford_phil at hotmail.com
Mon Jun 25 17:01:14 CDT 2001
Beau,
One way to reduce your exposure to hacking is to eliminate the cc#'s (or the
last 4 digits) from the database once they are processed by the retailer.
Basically the cc#'s are only on the web server from the time an order is
placed until it is processed.
My client would process the order, which would include running the cc#
through their machine in their store, and would store the cc# in their
financial software (this is important for returns/credits). Once they hit
the button on our admin interface that they processed the order, the code
deletes the last four digits of the cc# from the database.
Then when a customer comes back and purchases again, they only have to enter
the last four digits.
I've never really thought too much about this, but it has been working fine
for about 2 years.
-phil
>From: "Beau Hartshorne" <beau at pair.com>
>Reply-To: thelist at lists.evolt.org
>To: "thelist" <thelist at lists.evolt.org>
>Subject: [thelist] More E-Commerce Questions (Liability, Encryption)
>Date: Mon, 25 Jun 2001 09:55:50 -0700
>
>If I develop an e-commerce site that gets compromised in some way, and some
>hacker manages to snatch up a bunch of CC#'s, who's liable? Is it the
>merchant, the host or the programmer? Can the merchant or host successfully
>sue the programmer if I do not develop the site properly? Can a contract
>offer protection against this?
>
>I've decided that the best way to accept credit cards that are to be
>manually processed is to encrypt the credit card information and either
>e-mail it (via PGP or GnuPG email) or store it (via a PHP encryption
>library) into the database.
>
>I'll probably just design the shopping cart on my own, and use PayPal to
>process the payment. I've read too many headlines that read "Russian hacker
>steals database full of credit card numbers" to walk blindly into this.
>Thanks for everyone's help.
>
>Beau
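A sketch of the purge-on-processed step phil's message describes, together with an audit for rows it missed. This is an added example, not code from the thread: the SQLite schema, the table, column and function names are assumptions, and the card numbers are constructed test values.

```python
import re
import sqlite3

def luhn_ok(digits):
    """Luhn checksum, used here to tell real-looking card numbers from other digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA secure_delete = ON")  # zero freed bytes instead of leaving them in the file
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, cc TEXT, processed INTEGER DEFAULT 0)")
    return db

def seed(db):
    # Constructed rows using published test card numbers; row 3 models a
    # record flagged as processed by some path that skipped the truncation.
    with db:
        db.executemany("INSERT INTO orders (id, cc, processed) VALUES (?, ?, ?)",
                       [(1, "4111111111111111", 0),
                        (2, "5555555555554444", 0),
                        (3, "4111 1111 1111 1111", 1)])

def mark_processed(db, order_id):
    """Set the flag and drop the last four digits in one statement, so the two cannot diverge."""
    with db:
        cur = db.execute(
            "UPDATE orders SET processed = 1, cc = substr(cc, 1, length(cc) - 4) "
            "WHERE id = ? AND processed = 0", (order_id,))
    return cur.rowcount

def audit_full_numbers(db):
    """Ids of processed orders that still hold a complete, Luhn-valid 13-19 digit number."""
    leftovers = []
    for oid, cc in db.execute("SELECT id, cc FROM orders WHERE processed = 1 ORDER BY id"):
        digits = re.sub(r"[ -]", "", cc or "")
        if re.fullmatch(r"\d{13,19}", digits) and luhn_ok(digits):
            leftovers.append(oid)
    return leftovers

if __name__ == "__main__":
    db = open_db()
    seed(db)
    mark_processed(db, 1)
    print(audit_full_numbers(db))
```

The audit only covers the live table; database backups, logs and order e-mails written before the purge need their own check.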