My merchant provider levies monthly fines based on how many of their security restrictions you fail to follow. I follow as many as are reasonably practical, but I think it's virtually impossible to follow them all, such as absurdly expensive (and probably unnecessary) hardware. IMHO, some of the restrictions are based less on reality and more on their security consulting firm's ability to frighten them. Their consulting firm's disclosed commissions on the fines create an inherent conflict of interest.
Goofily, my provider's fine structure does not differentiate between transactions that are merely processed on my server with no storage, and transactions originating from a card number stored on my server. So I have to constantly weigh the monthly fines vs. the cost of the upgrades vs. the amount of money that my various services bring in. There is no perfect solution. Nevertheless, I'm very open to any suggestions people have for transactions requiring that I keep the card number (in this case, recurring monthly charges where the customers choose not to use PayPal etc. and where too many customers would flake or get frustrated if forced to re-enter their card info every month for an annoyingly small transaction).

Sorry this is getting a little off-topic for PHP.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php