in reply to Re: Thwarting Screen Scrapers
in thread Thwarting Screen Scrapers

do you store cc numbers?

Wouldn't that be an incredibly bad practice? I have worked on a number of ecommerce projects but none of them stored the credit card number. Ever.

If you store card numbers in your database and your server gets cracked then the cracker can get all the card numbers. My legal knowledge is small but I'd have thought a system design like that would leave you open to criminal negligence suits. If you don't store the card numbers there is no exposure.

Re: Re: Re: Thwarting Screen Scrapers
by fireartist (Chaplain) on Jul 19, 2002 at 11:53 UTC
    I know, I was going to add a disclaimer, but didn't bother.

    I said "do you?", because I know that some do it.
    - Amazon, for example, records my cc number.

    I have read about methods of storing cc numbers by using a machine behind a firewall, which the CGI server can access, but can't itself be accessed directly from the internet.
    I don't know all the implications/applications of this, so that's why I didn't go into it.
    (and don't really want to still ;)