Could anyone point me in the direction (a) white paper(s) on on-line credit card processing best practice. There are a lot of vendor specific information out there (here's your problem and here is the vendor x name's solution) and it may be that a vendor solution is required, I'm not sure. Thus far, I have determined that there are a few critical steps to ensure the security of on-line transactions. Client authentication -- to verify a users identity (In liability and integrity terms, should this be handled by the application by a third party vendor?) Channel security -- to allow private information transfer (man in the middle attacks aside, a 128 bit SSL solution is apparently the best option) Access control -- to enforce user permissions on data (my assumption here is a database security architecture. Users need to read product details from a database, write transaction details etc.) Does anyone have experience with this from an infrastructure consultants perspective? Jeremy Foote MCSE, CCNA, blah blah blah
Credit card processing 'best practice' guidelines / whitepapers
Foote Jeremy (Platinion - SYD) Tue, 18 Sep 2001 12:31:33 -0700
- Re: Credit card processing 'best practice' ... Foote Jeremy (Platinion - SYD)
- Re: Credit card processing 'best pract... Christian Jean