Re: ssl security
From: snake (snake35@blueyonder.co.uk)
Date: 05/10/02
- In reply to: Andrew van der Stock: "Re: ssl security"
From: "snake" <snake35@blueyonder.co.uk> Date: Fri, 10 May 2002 18:14:11 +0100
thanks very much guys.
the advice has been great...
i'm going with the info being stored on the server.
maybe in time i will have the opportunity to use online cc transactions...
again thanks
"Andrew van der Stock" <ajv@greebo.net> wrote in message
news:#Pt5Hs19BHA.2644@tkmsftngp03...
> Hi there,
>
> 1) I think you are creating more work for yourself. Also, please be aware
> that Visa has set some guidelines in relation to credit card handling:
>
> https://www.visa.com/_gds_mod/fb/merchants/gds/main.html
>
> https://www.visa.com/_gds_mod/fb/merchants/gds/pdf/AcctInfoSecBestPracticesGuide.pdf
>
> Some of these "best practices" will become minimum standards in your
> merchant agreement before too long. Do not expect to be able to have CC
> details lying around any more. And personally, if I was a merchant, I simply
> wouldn't want the risk.
>
> As a security consultant, I always tell merchants to never keep CC account
> details, get the auth directly from an online CC provider (even Visa can do
> this for you now). Your bank is likely to offer this service as well, as
> well as a number of third party organizations*. Mr Pidgorny works for a
> large bank, maybe he could elucidate further on what to look for in an
> online CC payments gateway provider. :-)
>
> 2) They rarely have a clue, but they should know how to talk to an online CC
> payments gateway, and provide you with a reference site that already does
> this. Getting the details correct is not too hard, but be worried if they
> try using a service that requires the server to be logged in all the time
> (I've actually seen this... - they used a server-side Java application and
> didn't know how to make svrany work).
>
> Andrew van der Stock, MCSE
> ajv@greebo.net
>
> * I hate those spam messages that say "accept credit cards now". It
> tarnishes the entire industry.
> * Just in case you didn't know, it's my personal belief that
> http://www.paypalsucks.com/
>
> "snake" <snake35@blueyonder.co.uk> wrote in message
> news:ab97un$ghsg8$1@ID-110653.news.dfncis.de...
> > hi...
> >
> > i'm currently getting an e commerce site developed.
> > i have all the SSL stuff sorted out from that side of things it's fine.
> > but when i receive credit card info (at the site) my intention was that the
> > credit card info should be e-mailed to me in encrypted form. then i will
> > phone thru orders
> > 1) is this ok
> > 2) when asking web designers about this what answer am i looking for.
> >
> > i want to ensure that i'm getting info as securely as possible.
> > this is a start up so i can't afford the initial expense of on-line cc
> > authorising.
> > the language being used to develop site is .asp
> >
> > ANY advice would be greatly appreciated...
> >
> >
>
>