At 9:52 AM +0200 6/1/10, Peter Lind wrote:
Just wondering: seems there's a bit of a misunderstanding going on
here. Are you talking about storing credit card information in a way
such that customers can do online transactions without entering that
information? Or are you talking about storing this information so your
own company can fill in the details on a monthly basis?
If 1) then the above points apply and you should not store the data,
period. If 2) then I would assume the situation is somewhat different
- though, not knowing the laws from the US I wouldn't really know.
Regards
Peter
Peter:
Yes to the first.
I am sure there are all sorts of situations, but in most of the
problematic ones I've encountered the clients want to have customers
logon and have all their credit card information automatically filled
into their forms for purchase. This requires that somewhere on the
site all customer's data are kept in a manner that can be accessed
and used -- and therein lies the problem.
Clients (mine) often think that a web site should be as safe as their
brick and mortar operations and as such offer similar services --
namely having a past customer's data waiting and available for
immediate purchase without having to brother the customer for it
again -- like having a card file.
Unfortunately, the security aspects of the web require different
thinking -- the web is not brick and mortar, which provides both
concern and opportunity.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
