Jet200
Posted March 11, 2010

I have an associate that I turned onto OSC some time ago. He foolishly went live with the standard OSC credit card module and of course started noticing numbers getting swiped. He was insistent that it wasn't possible for anyone to get at his card numbers since the middle eight digits weren't stored in the database (emailed to him) and he wasn't storing CVV info. The only way someone could get a complete card number was to hack his database AND his email (he then turns paranoid and suspects an inside job from his webhost).

I couldn't really explain it to him in technical terms other than to say a standard shared webserver or database can't be all that secure and surely those CVV and middle eight digits exist someplace for someone knowledgeable to simply take as they wish. Mostly I am just trying to keep him from going bat-crazy over his webhost and blaming them for something that isn't their fault (and also nudge him in the direction of going with a proper cc processing system).

So... can someone please explain in more technical terms, or simply more eloquently, why an OSC standard credit card module is a bad idea and why it is not secure?

Thank you for your help.
♥mdtaylorlrim
Posted March 12, 2010

> (he then turns paranoid and suspects an inside job from his webhost).

Regardless who it is, web host or hacker, the data is not secure and the fines can be enormous.

Community Bootstrap Edition, Edge
Avoid the most asked question. See How to Secure My Site and How do I...?
Jet200
Posted March 12, 2010

> Regardless who it is, web host or hacker, the data is not secure and the fines can be enormous.

But the complete data is there for the taking regardless of whether it's broken apart and emailed to him, correct?
♥mdtaylorlrim
Posted March 12, 2010

> But the complete data is there for the taking regardless of whether it's broken apart and emailed to him, correct?

Yes, the only secure way to accept a credit card is using strong encryption to transmit the data to your cc provider and pass PCI compliance as required, or send your customer to the cc card provider website to complete the transaction.
Archived
This topic is now archived and is closed to further replies.