
osCommerce

The e-commerce.

Manually processing CC - Split Credit Card E-Mail Address not working


J_Fyrebird


Relationship between PCI DSS and PA-DSS

Clarified that use of a PA-DSS compliant application alone does not make an entity PCI DSS compliant.

 

When it comes to protecting yourself/your business from liabilities do not take the word of internet keyboard warriors at face value. (especially when they are interpreted to favor their own practices)

 

Contact your own merchant account provider and get clarification on any issues/questions. (If you are "afraid" to mention your current practices to your merchant account provider then that itself should be a HUGE flashing warning sign that you are probably doing something incorrectly)

 

If you fail to do your "due diligence" and just plod on as before, one day you might get a very nasty surprise when you find out that lamenting "BUT I DID NOT KNOW THAT" or "BUT I THOUGHT IT MEANT THAT" or "MY INTERPRETATION OF THAT WAS" does not hold much weight when it comes to payment data security.


My understanding is that 3.2.2 over-rules 3.2, thus CVV should never (in any circumstance) be stored before, during, after authorization...

 

However 1.1.2 of PA-DSS is interesting, and seems to totally contradict my understanding of it!

 

Thanks for the conversation, it's been illuminating.

 

You are most welcome ;-)

 

I can see how one would think that 3.2.2 would overrule 3.2, but I believe it's actually subject to 3.2. It's only the PA-DSS that is specific in each point that it's after authorization.

 

I've never advocated storing sensitive information beyond authorization, ever.

 

When it comes to protecting yourself/your business from liabilities do not take the word of internet keyboard warriors at face value. (especially when they are interpreted to favor their own practices)

 

Contact your own merchant account provider and get clarification on any issues/questions. (If you are "afraid" to mention your current practices to your merchant account provider then that itself should be a HUGE flashing warning sign that you are probably doing something incorrectly)

 

If you fail to do your "due diligence" and just plod on as before, one day you might get a very nasty surprise when you find out that lamenting "BUT I DID NOT KNOW THAT" or "BUT I THOUGHT IT MEANT THAT" or "MY INTERPRETATION OF THAT WAS" does not hold much weight when it comes to payment data security.

 

Quite right. One must do their own research.

 

I talked to my provider yesterday, and while I didn't make it a point blank question, I did mention it in passing, and there was no outburst of "you CAN'T do that!!!!"

 

However, I also found out that I was incorrect in my estimate of what a gateway will cost. So, personally, I will be getting one if my site passes 5 orders a month. (I had set my "trigger" at 10 per month before.) My provider didn't seem to think this was a bad thing.


You're right, no matter how hard I try to fix you, you're still stupid, Dunweb.

 

I have the PCI spec in front of me, and 3.2 in its entirety says:

 

3.2 Do not store sensitive data after authorization, even if encrypted. Sensitive data includes the data as cited in following Requirements 3.2.1 through 3.2.3

 

Now, do I need to continue, or are we all following along? Good. Note the note that says sensitive data may be stored if there is a business justification and it is stored securely?

 

Is it because you make so much money misinterpreting the standards? Or is it really just an inability to read, comprehend and understand basic English and how outlines and such work?

 

Either way, you are a profiteering blowhard.

 

As far as "Turning me in", go ahead. Good luck with that...

 

Cheers

 

Well said and thank you!!

