The audit and controls sections of the act could pertain here. > -----Original Message----- > From: Mark A Kruger [mailto:[EMAIL PROTECTED] > Sent: Friday, January 13, 2006 12:37 PM > To: CF-Talk > Subject: RE: Encrypt CC number and store in DB > > Tim, > > Sarbanes Oxley is a rule set for tracking compensation of > employees - particularly company officers. It does indeed > specify a lot of requirments for storage - but mostly of > internal company information. CC numbers have more to do with > privacy of customer information - yes? > > -mark > > > -----Original Message----- > From: Tim Heald [mailto:[EMAIL PROTECTED] > Sent: Friday, January 13, 2006 10:09 AM > To: CF-Talk > Subject: RE: Encrypt CC number and store in DB > > > If you work at a publicly traded company you need to look > into Sarbanes Oxley as well > > > -----Original Message----- > > From: Baz [mailto:[EMAIL PROTECTED] > > Sent: Friday, January 13, 2006 10:34 AM > > To: CF-Talk > > Subject: RE: Encrypt CC number and store in DB > > > > I read a bit about PCI Data Security Standard and it > doesn't seem to > > be a big deal. This article summarizes it: > > http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=cc.secure > > > > > > The standard doesn't even ask that you encrypt stored values > > - just the transmission of values (SSL) > > > > It really defines minimums. > > > > Baz > > > > > > > > -----Original Message----- > > From: Robertson-Ravo, Neil (RX) > > [mailto:[EMAIL PROTECTED] > > Sent: Friday, January 13, 2006 10:05 AM > > To: CF-Talk > > Subject: RE: Encrypt CC number and store in DB > > > > Just ensure you are 100% compliant with the PCI Data Security > > Standard, or you can pay the consequence. > > > > > > > > -----Original Message----- > > From: Baz [mailto:[EMAIL PROTECTED] > > Sent: 13 January 2006 15:11 > > To: CF-Talk > > Subject: RE: Encrypt CC number and store in DB > > > > Those are good points bobby, but I'm sure you could think > of at least > > 1 valid scenario where CC numbers are required for later charging... > > > > What about using a CC number to see if that CC has enough funds and > > then doing the charging it later? Or better yet, what if you have > > customers who purchase very frequently? They DEMAND to have their > > number stored instead of typing it in each time. > > > > These are already 2 valid cases. > > > > Baz > > > > > > -----Original Message----- > > From: Bobby Hartsfield [mailto:[EMAIL PROTECTED] > > Sent: Friday, January 13, 2006 9:23 AM > > To: CF-Talk > > Subject: RE: Encrypt CC number and store in DB > > > > Do you actually get people to give you their credit card > information > > without them even knowing: > > a) how much they are going to be charged > > b) whether or not you charge them more for shipping because > of where > > they live > > c) if what they WANT to order is even in stock? > > > > If so, you must have one user friendly, warm and fuzzy feeling > > generating site to make people feel that comfortable. > > (is it basket basics dot com?) > > > > Why would any of that information (in stock, shipping cost, > shipping > > location, etc..., and a FINAL price) not be obtainable > BEFORE getting > > the credit card number? If any of it IS unobtainable > without a Credit > > Card number, it sounds like a flawed system to me. > > > > > > ....:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:. > > Bobby Hartsfield > > http://acoderslife.com > > > > > > > > -----Original Message----- > > From: Stephens, Larry V [mailto:[EMAIL PROTECTED] > > Sent: Friday, January 13, 2006 8:44 AM > > To: CF-Talk > > Subject: RE: Encrypt CC number and store in DB > > > > The best way is DO NOT DO IT. > > > > No I'm not just being sarcastic....but there should be no > reason to do > > this > > > > [snip] > > > > Except - we don't know the final cost until the items purchased are > > packaged and postage/freight is figured. (And we make sure > the items > > are actually in stock and not on order, etc.) The > configuration (i.e., > > number of boxes) can vary a great deal depending on what is ordered > > (some things will pack inside others, etc.) and, of course, > the actual > > charge depends on where you are shipping it (and keeping up > with UPS > > and USPS shipping tables is no trivial matter). > > > > Larry Stephens > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229484 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54