> On Wed, 2004-08-11 at 11:53, Chris Ochs wrote:
> > I thought I would chime in here. Many are probably not aware of the new
> > security regulations by Visa and Mastercard that are now in effect.
>
> Thanks for the info, Chris. Is Payment Online a Verisign competitor?
> Does it have a mod_perl-friendly API?

Yes, I would say we are a competitor, and we do have a Perl API that works fine under mod_perl. It's basically just an SSL connection to our gateway passing the correct parameters. We do not use a separate client like Verisign does for their API product.

> > Among the requirements, all card data must be encrypted and stored on a
> > server that is not directly connected to the internet
>
> I assume a database server would qualify as long as it's on a separate
> machine from your web app.

Yes, as long as it's not directly reachable from the public internet, such as behind a NAT that is itself behind a screened subnet.

> > you have to use two factor authentication for all
> > remote access
>
> What counts as two factor authentication here? Something like IP
> address and password? Or do you have to plug some physical key into the
> web server so it can access the database?

Two factor is commonly considered something you have, and something you know. The most common method is to use a hardware token such as a smart card which generates one-time passwords that can be used to log in. I highly recommend Cryptocard myself. RSA has their SecurID, but at 10X the price and less flexibility.

Chris

> - Perrin

--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html