[thelist] More E-Commerce Questions (Liability, Encryption)
Robert Goodyear
rob_goodyear at yahoo.com
Tue Jun 26 13:13:41 CDT 2001
If you use XML to attach to a gateway (e.g.: AuthorizeNet) and store the transactions
there, wouldn't that place liability with the gateway? Then you wouldn't be keeping
numbers anywhere on your site or databases, and all the gateways use SSL encryption for
their connections.
I use Miva Merchant and Authorizenet, and I disallow storage of the cardnumbers locally.
/rg
--- Beau Hartshorne <beau at pair.com> wrote:
> If I develop an e-commerce site that gets compromised in some way, and some
> hacker manages to snatch up a bunch of CC#'s, who's liable? Is it the
> merchant, the host or the programmer? Can the merchant or host successfully
> sue the programmer if I do not develop the site properly? Can a contract
> offer protection against this?
>
> I've decided that the best way to accept credit cards that are to me
> manually processed is to encrypt the credit card information and either
> e-mail it (via PGP or GnuPG email) or store it (via a PHP encryption
> library) into the database.
>
> I'll probably just design the shopping cart on my own, and use PayPal to
> process the payment. I've read too many headlines that read "Russian hacker
> steals database full of credit card numbers" to walk blindly into this.
> Thanks for everyone's help.
>
> Beau
>
>
> ---------------------------------------
> For unsubscribe and other options, including
> the Tip Harvester and archive of TheList go to:
> http://lists.evolt.org Workers of the Web, evolt !
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
More information about the thelist
mailing list