On Mar 3, 2013, at 5:08 PM, Aahz Maruch <a...@pobox.com> wrote: > As a programmer myself, agreed except for that very last point. I mean, > the form as a whole shouldn't clear, but it's arguable (though not an > argument I'm going to have on this list ;-) that clearing the credit card > number is a requirement for proper security.
It's arguable based on the exact technical approach in use (eg javascript validation or use of SSL could mitigate the risks) but I do take your point. The same line of thinking applies to passwords as well. Banks are becoming quite strict on credit card details and have been insisting on compliance with the PCI Data Security Standard. When we found out about this a couple of years ago we did some reading and decided it was better to hand everything over to a specialist online payment processor. As such we no longer had to add inputs for the CC details on our systems. Don't get me started about some of the legacy systems I had to support... :) Cheers, Dave -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
