I'm hoping someone can answer this for me. I need to find info regarding the responsibility of an ISP/webhost to secure the transmission of private information (banking info, credit card) on its systems.
The situation is as follows:
Client wants to receive banking/cc info from their customers. Client wants to pass that data from a form on their website, under SSL layer, via email to an employee.
What's your take on this? Where could I find some type of documentation on this?
FYI: Hosting company is based in Canada, as is client.
Yes but going through webmail can be a hassle. It's been my experience that the process is rather slow. However, like stated in post 2, once it is out of the server and in an e-mail it isn't secure anymore.
Here's a question: will one account be sent to an employee at a time? Or will it be a larger batch file? A simple, and more secure way, would be to do a batch and zip/encrypt it.
The way most companies do this is that the information gets directly downloaded from the database to the user's terminal at the company. I worked for a mail-order company and that's how it's done there. They didn't download the information to one computer and then transmit it to another.
Are all computers on the same network? File sharing is a little more secure than e-mail these days.
Thanks for the feedback.
1. All email is downloaded to workstations.
2. Each time information is submitted, it is sent to specific email accounts.
3. All client computers are on the same network, not the email or www server; should make a difference though. I'm not concerned with what they do with the data once they have it; my concern is how they get it.
I'm having my lawyers look into this; I'll post info if I get any.
Visa will really be enforcing compliance of their CISP (Cardholder Information Security Program) by October of this year.
Many gateways and processors have already become fully compliant or are well on their way towards doing so. I'm not 100% sure if the CISP guidelines are the same for Canada as for the USA; my guess would be that they would be the same.
PM with your fax # if you'd like a copy of the guidelines and I can dig them up and send them over to you.