[ic] Re: Requirement to not encrypt credit card numbers
Kevin Walsh
interchange-users@icdevgroup.org
Wed Aug 28 22:16:00 2002
> > >
> > > In the ORDERS_TO email the credit card details are either mangled or
> > > encrypted.
> > >
> > > I have a situation where I can handle the emails on a secure internal
> > > network and want to pass them straight thru to a printer anyway.
> > >
> > > This is simple, but it requires that the CC details be in clear.
> > >
> > > How is this best handled?
> > >
> > This has been discussed many times on the list. It boils down to
> > "don't do that". You already start to loose your customer's confidence
> > in your professionality :-(.
> >
> Re-read my second paragraph. I am above average paranoid about network
> security to the extent that the internal network traffic is 3DES
> encrypted, so don't comment on my professionality.
>
I see what you mean about above-average paranoia. I believe that
Racke was commenting on customer confidence, rather than launching
any form of personal attack.
Leaving your professionalism, paranoia and attitude to one side for
a moment, can you explain why you need to send credit card details
to a printer at all?
Perhaps, with more information, some other solution could be suggested.
In the mean time, just "don't do that" with the credit card numbers
and other sensitive information entrusted to you by your customers.
--
_/ _/ _/_/_/_/ _/ _/ _/_/_/ _/ _/
_/_/_/ _/_/ _/ _/ _/ _/_/ _/ K e v i n W a l s h
_/ _/ _/ _/ _/ _/ _/ _/_/ kevin@cursor.biz
_/ _/ _/_/_/_/ _/ _/_/_/ _/ _/