[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] payment method

Subject: RE: [cobalt-users] payment method
From: "Derrick Hall" <admin@xxxxxxxxxxxxxxxxxxx>
Date: Wed Feb 14 03:39:16 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Carrie
Bartkowiak
Sent: Thursday, February 08, 2001 8:13 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] payment method

Hey guys,
The system that I'm building is going to have three options for taking
payment info from the customer:
1. No credit card/payment data accepted online; instead the customer enters
all of the *other* information and then when the domain is set up they'll be
sent instructions on how to pay (like through PayPal, or send them a
Have the credit card info be kept off line.  have it email it as an
attachment or something and the host can import it to a database off line.

Billpoint or ProPay invoice, etc.)
2. Credit Card number will be accepted online, where the host can then plug
it in wherever they do their credit card transactions
3. Feed the total fee to a link that will lead to whatever secure webpay
gateway you might use; like PayPal or Clickbank or CCNow or a place like
that (I know, CCNow doesn't do services, it's an example)

My problem is with Option 2.
I'm really *really* wary about putting a customer's cc info anywhere on a
server where there are also hosting clients. Customers with telnet can just
go and browse into folders and gather information at their leisure - so
that's out. Even if the folder is password protected, it still won't stop
someone who's got shell access. (Unless someone can tell me what
permissions/ownerships to put on a folder so that the server can go in and
write to a file, but no one from telnet can browse in there except for
root?)
I can put the info into a MySQL table but again, I'm not comfortable enough
with the security to do this.

But I really do want the ability to let the host keep the cc info on hand
and then they've got it for monthly billing, extra fees for time spent
helping the customer, etc.

Does anyone have any suggestions about where I can dump the cc info and be
confident that it's safe?  Even a temporary situation would work, where the
info gets dumped until the host has the opportunity to go in and record it
on paper and delete the entries once a day or something - but I still want
the info to be as safe as possible (again, from telnet access).

Help?
The system is almost ready for release, this one thing is holding me up,
though.

Carrie B

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

Follow-Ups:
- RE: [cobalt-users] payment method
  - From: Samuel Jones

References:
- [cobalt-users] payment method
  - From: Carrie Bartkowiak

Prev by Date: [cobalt-users] Telnet Access
Next by Date: RE: [cobalt-users] IPs related to hackers
Previous by thread: [cobalt-users] payment method
Next by thread: RE: [cobalt-users] payment method

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index