Could anyone point me in the direction (a) white paper(s) on on-line
credit card processing best practice. There are a lot of vendor specific
information out there (here's your problem and here is the vendor x name's
solution) and it may be that a vendor solution is required, I'm not sure.
Thus far, I have determined that there are a few critical steps to ensure
the security of on-line transactions.
Client authentication -- to verify a users identity (In
liability and integrity terms, should this be handled by the application by
a third party vendor?)
Channel security -- to allow private information transfer (man in
the middle attacks aside, a 128 bit SSL solution is apparently the best
option)
Access control -- to enforce user permissions on data (my assumption
here is a database security architecture. Users need to read product
details from a database, write transaction details etc.)
Does anyone have experience with this from an infrastructure
consultants perspective?
Jeremy Foote
MCSE, CCNA, blah blah blah
Credit card processing 'best practice' guidelines / whitepapers
Foote Jeremy (Platinion - SYD) Tue, 18 Sep 2001 12:31:33 -0700
- Re: Credit card processing 'best practice' ... Foote Jeremy (Platinion - SYD)
- Re: Credit card processing 'best pract... Christian Jean
