[thelist] More E-Commerce Questions (Liability, Encryption)

Martin martin at members.evolt.org
Mon Jun 25 12:33:28 CDT 2001


Beau Hartshorne wrote on 25/6/01 5:55 pm

>If I develop an e-commerce site that gets compromised in some way, and some
>hacker manages to snatch up a bunch of CC#'s, who's liable? Is it the
>merchant, the host or the programmer? 

The issuing bank, the merchant and the programmer, in that order,
assuming fault (which will nearly always be the case).
The bank is liable to the consumer, the merchant to the bank and
you to the merchant. This is why professional liability insurance
is *really* important.

>Can the merchant or host successfully
>sue the programmer if I do not develop the site properly? 
Yes if you have a contract with them. More likely you'll be
sued by the merchant (who is your client I assume)

>Can a contract offer protection against this?
Only if your client is dumb enough to sign it. I don't see
it happening.

>I'll probably just design the shopping cart on my own, and use PayPal to
>process the payment. I've read too many headlines that read "Russian hacker
>steals database full of credit card numbers" to walk blindly into this.

You might also like to look into payment processing ASPs such
as WorldPay.

Just to show that other people get it wrong too:
<http://news.bbc.co.uk/hi/english/sci/tech/newsid_1402000/1402222.stm>

Cheers
Martin

_______________________________________________
email: martin at easyweb.co.uk             PGP ID: 0xA835CCCB
       martin at members.evolt.org      snailmail: 30 Shandon Place
  tel: +44 (0)774 063 9985                      Edinburgh,
  url: http://www.easyweb.co.uk                 Scotland





More information about the thelist mailing list