barleduc
01-17-2002, 07:13 PM
Hi,
Just wondering...
If a server which holds customers' credit card info (whether it is encrypted or not) is hacked, and the stolen credit cards are used, can customers sue you for the damage because the credit card info was stolen from your server?
Can you put in your contract that you cannot be held responsible for credit card fraud or anything of the kind?
How does it work?
otherground
01-20-2002, 02:06 PM
An online database of credit card numbers is a tragedy waiting to happen.
If your database gets compromised, every person in the database will get a call from their bank telling them that their card has been cancelled and a new one is in the mail ... it's happened to me before. (my card, not my customers')
In my case, the bank would not tell me which site was hacked. So to answer your question, it is unlikely you will be sued unless the bank tells the customer that it was at your site where they got hacked.
Also, since the customer will not be held liable for purchases made on a stolen credit card, they really have no damages to sue for.
The moral of the story is: Keep your customers' credit card info in an offline database.
2Grumpy
01-20-2002, 02:16 PM
The moral of the story is: Keep your customers' credit card info in an offline database.
One reason I like 2checkout (who I just started using) or other 3rd party processors.
Maybe it's not as "professional" as having my own database of credit card numbers but I don't lay awake nights wondering if my DB is secure!
Elliot
01-20-2002, 03:11 PM
Originally posted by Dixiesys
One reason I like 2checkout (who I just started using) or other 3rd party processors.
Maybe it's not as "professional" as having my own database of credit card numbers but I don't lay awake nights wondering if my DB is secure!
I agree with you, I could care less if I come off as less 'professional'
just as long as my customer's credit cards are safe, and security
wise I don't have to worry about being a target of some person
that wants to 'hack' me for my credit card database.
KDAWebServices
01-21-2002, 09:48 AM
I know a lot of people use a public/private key system and only enter the passphrase for the private key when they need to decrypt the CC details, which is quite secure as long as you don't pick a really short passphrase or easy to crack password.
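The arrangement described in the post above, sketched with the OpenSSL command line as an added example (not code from the thread or from any poster): the web server holds only the public key and can encrypt but not decrypt, while decryption needs the passphrase-protected private key. The file names, passphrases and card record are constructed, and the choice of openssl with RSA-OAEP is an assumption, since the post names no tool.

```sh
#!/bin/sh
# Added illustration. File names, passphrases and the card record are
# constructed; the thread does not name a tool, so openssl is an assumption.
set -eu

# Run offline, once. The private key is written encrypted under the passphrase;
# only card_pub.pem is copied to the web server.
make_keypair() {  # $1 = directory, $2 = passphrase
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -aes-256-cbc -pass "pass:$2" -out "$1/card_priv.pem" 2>/dev/null
  openssl pkey -in "$1/card_priv.pem" -passin "pass:$2" \
    -pubout -out "$1/card_pub.pem"
}

# Runs on the web server: needs the public key only, so a copy of the server's
# disk yields ciphertext and no means of decrypting it.
encrypt_record() {  # $1 = directory, $2 = record; prints base64 ciphertext
  printf '%s' "$2" | openssl pkeyutl -encrypt -pubin \
    -inkey "$1/card_pub.pem" -pkeyopt rsa_padding_mode:oaep | openssl base64 -A
}

# Runs where billing is done. "pass:" keeps the demo non-interactive; leave
# -passin off in real use so openssl prompts instead of exposing the
# passphrase in the process list.
decrypt_record() {  # $1 = directory, $2 = passphrase, $3 = base64 ciphertext
  printf '%s' "$3" | openssl base64 -d -A | openssl pkeyutl -decrypt \
    -inkey "$1/card_priv.pem" -passin "pass:$2" -pkeyopt rsa_padding_mode:oaep
}

demo() {
  dir=$(mktemp -d)
  make_keypair "$dir" 'constructed long demo passphrase'
  ct=$(encrypt_record "$dir" '4111111111111111|12/03')   # constructed test record
  echo "stored on server: $ct"
  echo "decrypted offline: $(decrypt_record "$dir" 'constructed long demo passphrase' "$ct")"
  if decrypt_record "$dir" 'guess' "$ct" >/dev/null 2>&1; then
    echo "wrong passphrase accepted (unexpected)"
  else
    echo "wrong passphrase: private key stays locked"
  fi
  rm -rf "$dir"
}
demo
```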
ToastyX
01-21-2002, 10:49 AM
If you're going to handle credit cards yourself, then save the data externally, like on a diskette.
Several providers I know do their credit cards offline for just the reasons that you state.
It takes more time but the sense of peace is worth it.
Relyc
01-23-2002, 10:31 PM
Originally posted by urk5
Several providers I know do their credit cards offline for just the reasons that you state.
It takes more time but the sense of peace is worth it.
I don't speak for anyone else, but at the very least I'd like the CC information on a computer of some kind (though I use Revecom). I don't particularly like the idea of storing anything where it can be accidentally wiped out by a fridge magnet...
Originally posted by Relyc
I don't speak for anyone else, but at the very least I'd like the CC information on a computer of some kind (though I use Revecom). I don't particularly like the idea of storing anything where it can be accidentally wiped out by a fridge magnet...
Why not store this information on a dedicated PC that you only connect to your Network when you need to update or bill?
An alternative (one that I use for my own business for a non-related issue) is a removable HD
TomD
tom@2checkout.com
StarGate
01-31-2002, 08:07 AM
Originally posted by otherground
An online database of credit card numbers is a tragedy waiting to happen.
Hehe, no reason to wait... ***** managed exactly this a while ago :rolleyes: