Jun 2
E-commerce risks
A superb essay on the concerns facing companies performing credit card transactions online. If your business performs any type of recurring transactions and you need to store CC info, this is worth a read. As developers with a heavy background in security, we’re always alarmed at the way some organizations treat such data (carelessly). In short, if you perform a transaction, do not store any CC data. If you have to store such information for recurring bills, invest in a secure backend built to handle it. There are no shortcuts.
Given my involvement with several online e-commerce systems, these issues concern me. I look at the issues and see a morass of liability. And each time I look at the problem, the scarier it gets. The first time I worked on a web site that took payments in 1996, the issue didn’t seem so bad. But then, e-commerce was fresh and new. And I was just a junior guy working for a company who shielded me from the risk of my stupidity. Now, ten years later, each time I come up against the problem, and every time I talk in depth with trusted colleagues about it, the darker the pit looks.