osCommerce

The e-commerce.

mrbyte

Pioneers
  • Posts

    10

Reputation Activity

  1. Like
    mrbyte got a reaction from Dennisra in Manually processing CC - Split Credit Card E-Mail Address not working   
    You're right, no matter how hard I try to fix you, you're still stupid, Dunweb.
     
    I have the PCI spec in front of me, and 3.2 in its entirety says:
     
    3.2 Do not store sensitive data after authorization, even if encrypted. Sensitive data includes the data as cited in following Requirements 3.2.1 through 3.2.3
     
    Now, do I need to continue, or are we all following along? Good. Note the note that says sensitive data may be stored if there is a business justification and it is stored securely?
     
    Is it because you make so much money misinterpreting the standards? Or is it really just an inability to read, comprehend and understand basic English and how outlines and such work?
     
    Either way, you are a profiteering blowhard.
     
    As far as "Turning me in" go ahead. Good luck with that...
     
    Cheers
  2. Like
    mrbyte reacted to Dennisra in Manually processing CC - Split Credit Card E-Mail Address not working   
    Well said and thank you!!
  3. Like
    mrbyte reacted to totalnumpty in Free templates?   
    But, quite honestly .... a commercial themes developer would naturally say that .... hmmm? "Vested interest" springs to mind.
  4. Like
    mrbyte got a reaction from kymation in Manually processing CC - Split Credit Card E-Mail Address not working   
    I realize I'm new here, and all, but really, I feel I must protest a particular point.
     
    PCI DSS is **NOT** a LAW, it is a standard. Every time you bluster about the "illegality" of manually processing cards I cringe.
     
    Visa and other issuers are not government agencies. They are businesses. At worst, violation of PCI standards is a breach of contract, a civil matter, and the "fines" involved are from Visa/MC/etc, not your local state/provincial governments. Furthermore, they are for *breaches* and not for solely being non-compliant, as I understand.
     
    Finally, the PCI standards prohibit the *storage* of track data and CVV numbers. A PCI compliant manual processing solution *is* possible, but the way you carry on about the "illegal" nature of manually processing credit cards, folks seem to assume the loudest mouth is the wisest, or more likely, they just would rather not get involved in a urination contest with you over it.
     
    Misuse of credit card information *is* illegal, but misuse would be, for example, taking the captured information and fraudulently using that to make charges. Misuse is *not* taking the information and using this information from your own customer to process a sale they have agreed to in the first place.
     
    When I take orders over the phone I need the CVV to process. I don't store the number. When a customer emails me the information, I delete the email after I have processed it. While the email route may not be "compliant" it's not "illegal" and I curtail my risk of a breach by deleting the information after I've processed the order.
     
    Please, stop trying to be the PCI "police."
     
    If you still feel that PCI is a law, please post for me the federal or provincial statutes (for Canada) or the U.S. equivalent.
     
    Cheers.
  5. Like
    mrbyte reacted to powerdrive in Credit Card with CVV2 Version v2.2RC2a   
    Rather than putting the CVV into the database and deleting it afterwards, can it be sent in an encrypted email separate from the order email? Similar to how the card number is split.