You can eliminate the liability issue with a clearly worded attachment to
your signed client service agreement, backed up by a couple of emails that
you make sure you save.

As was mentioned before, capturing the cc is sometimes the only option.
For example, if no real-time cc auth is in place and the merchant is running
purchases thru a different service manually.  Strictly a small-business,
low-site-volume issue, but inescapable.

BTW I'm really impressed with the cfx_pwdtextcrypt tag mentioned earlier.
For $US39 and a little elbow grease I built a nice little 1024-bit
private/public key system into a client's store yesterday.

---------------------------------------
Matt Robertson    [EMAIL PROTECTED]
MSB Designs, Inc., www.mysecretbase.com
---------------------------------------


---------- Original Message ----------------------------------
from: Thane Sherrington <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
date: Mon, 28 Jan 2002 17:03:20 -0400

At 12:17 PM 1/28/02 -0800, Jennifer Larkin wrote:
>But you work with computers and you understand the issues. Most people
>prefer convenience because they don't know better. What you just wrote

Here's an issue.  If you store CC numbers, and get hacked, you may be
liable.  Do you really want that?  Is it worth potential liability in order
to save your customers from typing a few numbers?

Here's a suggestion that might help - store everything but the last four 
numbers in a hashed format.  The customer still has to type something in, 
but it's only 4 numbers, and it makes it virtually impossible to be hacked.


T

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/