OSC credit card module security
Started by Jet200, Mar 11 2010, 18:07
3 replies to this topic
#1
Posted 11 March 2010, 18:07
I have an associate that I turned onto OSC some time ago. He foolishly went live with the standard OSC credit card module and of course started noticing numbers getting swiped. He was insistent that it wasn't possible for anyone to get at his card numbers since the middle eight digits weren't stored in the database (emailed to him) and he wasn't storing CVV info. The only way someone could get a complete card number was to hack his database AND his email (he then turns paranoid and suspects an inside job from his webhost). I couldn't really explain it to him in technical terms other than to say a standard shared webserver or database can't be all that secure and surely those CVV and middle eight digits exist someplace for someone knowledgeable to simply take as they wish. Mostly I am just trying to keep him from going bat-crazy over his webhost and blaming them for something that isn't their fault (and also nudge him in the direction of going with a proper cc processing system).
So... can someone please explain in more technical terms, or simply more eloquently, why an OSC standard credit card module is a bad idea and why it is not secure.
Thank you for your help.
#2
Posted 12 March 2010, 03:39
Jet200, on 11 March 2010, 18:07, said:
(he then turns paranoid and suspects an inside job from his webhost).
Avoid the most asked question. See How to Secure My Site and How do I...?
#4
Posted 12 March 2010, 22:02
Jet200, on 12 March 2010, 21:57, said:
But the complete data is there for the taking regardless of whether it's broken apart and emailed to him, correct?