  1. #1
    Join Date
    Mar 2004
    Location
    Montreal
    Posts
    9

    Question transmission of banking information

    I'm hoping someone can answer this for me. I need to find info regarding the responsibility of an ISP/webhost to secure the transmission of private information (banking info, credit card) on its systems.
    The situation is as follows:
    Client wants to receive banking/CC info from their customers. Client wants to pass that data from a form on their website, under SSL layer, via email to an employee.

    What's your take on this? Where could I find some type of documentation on this?

    FYI: hosting company is based in Canada, as is client.

    Thanks.

    Ronnie
    Sys Admin
    Daslweb.com

  2. #2
    Join Date
    Jul 2003
    Location
    Castle Pines, CO
    Posts
    7,189
    Once it hits e-mail though, it is not secure whatsoever. This could maybe make him & you liable since he has informed you that he wants to pass CC data to an e-mail.

  3. #3
    Join Date
    Feb 2004
    Posts
    390
    If the client's email is on the same server that you are collecting the data from (and they use webmail instead of downloading the email), it is just as secure as if it were stored in a database, etc.

  4. #4
    Join Date
    Mar 2004
    Location
    Connecticut, USA
    Posts
    264
    Yes but going through webmail can be a hassle. It's been my experience that the process is rather slow. However, like stated in post 2, once it is out of the server and in an e-mail it isn't secure anymore.

    Here's a question: will one account be sent to an employee at a time? Or will it be a larger batch file? A simple, and more secure way, would be to do a batch and zip/encrypt it.

    The way most companies do this is that the information gets directly downloaded from the database to the user's terminal at the company. I worked for a mail-order company and that's how it's done there. They didn't download the information to one computer and then transmit it to another.

    Are all computers on the same network? File sharing is a little more secure than e-mail these days.
    - Chris
    www.totalmindblow.com
    www.theundergroundfiles.com

  5. #5
    Join Date
    Mar 2004
    Location
    Montreal
    Posts
    9
    Hi,
    Thanks for the feedback.
    To clarify:
    1. All email is downloaded to workstations.
    2. Each time information is submitted, it is sent to specific email accounts.
    3. All client computers are on the same network, not the email or www server, should make a difference though. I'm not concerned with what they do with the data once they have it; my concern is how they get it.

    I'm having my lawyers look into this; I'll post info if I get any.
    Thanks again.

  6. #6
    Join Date
    Aug 2003
    Location
    Chesapeake, VA
    Posts
    3,379
    Visa will really be enforcing compliance of their CISP (Cardholder Information Security Program) by October of this year.

    Many gateways and processors have already become fully compliant or are well on their way towards doing so. I'm not 100% sure if the CISP guidelines are the same for Canada as for the USA, my guess would be that they would be the same.

    PM with your fax # if you'd like a copy of the guidelines and I can dig them up and send them over to you.
