[ic] Credit Card Info

interchange-users@interchange.redhat.com interchange-users@interchange.redhat.com
Sun Nov 4 15:58:00 2001


On Sun, Nov 04, 2001 at 12:14:19PM -0800, interch wrote:
> 
> 
> On Sun, 4 Nov 2001, Robert Trembath wrote:
> 
> > Work around for CC info
> 
> Security and common sense issues aside, this is in direct violation of
> Visa/Mastercard regulations, and if anyone reports you to them or your
> acquiring bank, your merchant account very likely would be closed.
> 
> You would really need to have rocks in your head to start sending card
> numbers unencrypted via email, especially when there is no valid reason to
> do so other than someone is too cheap to use an online payment gateway
> that handles that for you.

Quite in accord with the hysteria of the times, that is going too far. 
There are plenty of scenarios where this would be fine.  Nor is 
"too cheap to use an online payment gateway" meaningful one way 
or the other.  One needs to know the network architecture.  What Mike
and others pointed out was "if you have to ask, you're not ready".

Anyone who thinks they are providing security simply because they
use an online payment gateway or SSL or because they encrypt has rocks in
their head.  The solution is just not that simple.  

It may well be a violation of some credit card company policies.  There
are typically a LOT more to those policies, too much in fact, so that 
they are generally unenforced.  Maybe they are used after the fact: "See
you didn't do what you were supposed to."  That is a shame.

Of course, the NEXT Passport mishap will illustrate this.  :-)

cfm

-- 

Christopher F. Miller, Publisher                               cfm@maine.com
MaineStreet Communications, Inc           208 Portland Road, Gray, ME  04039
1.207.657.5078                                         http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux