[thelist] More E-Commerce Questions (Liability, Encryption)

Peter Kaulback pkaulbak at idirect.ca
Mon Jun 25 16:38:54 CDT 2001

In the wee hour of 06:30 PM 6/25/01 +0100, Martin bequeathed such tales as 
>Beau Hartshorne wrote on 25/6/01 5:55 pm
> >If I develop an e-commerce site that gets compromised in some way, and some
> >hacker manages to snatch up a bunch of CC#'s, who's liable? Is it the
> >merchant, the host or the programmer?
>The issuing bank, the merchant and the programmer, in that order,
>assuming fault (which will nearly always be the case).
>The bank is liable to the consumer, the merchant to the bank and
>you to the merchant. This is why professional liability insurance
>is *really* important.
> >Can the merchant or host successfully
> >sue the programmer if I do not develop the site properly?
>Yes if you have a contract with them. More likely you'll be
>sued by the merchant (who is your client I assume)
> >Can a contract offer protection against this?
>Only if your client is dumb enough to sign it. I don't see
>it happening.
> >I'll probably just design the shopping cart on my own, and use PayPal to
> >process the payment. I've read too many headlines that read "Russian hacker
> >steals database full of credit card numbers" to walk blindly into this.
>You might also like to look into payment processing ASPs such
>as WorldPay.
>Just to show that other people get it wrong too:

Great tips, could your client(merchant) sue you if you only were a reseller 
for an ASP's ecommerce solution. In other words, if I design a site and 
integrate some ASP's ecomm application can I still be held liable?
Peter Kaulback

More information about the thelist mailing list