
RE: [cobalt-users] payment method



Derrick, what I do when I accept cc: after the customer enters what they
want to purchase on my non-secure server, when they are ready to pay for
their order they are transferred to a secure server at Card Service
International where they enter their name and all the other information.
This way if the **** hits the fan about a credit card, I can truthfully say
we never had the credit card information and refer them to Card Service
International.

sejones@xxxxxxxxxxxx
www.blackowl.com

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Derrick Hall
Sent: Saturday, February 10, 2001 11:27 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] payment method




-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Carrie
Bartkowiak
Sent: Thursday, February 08, 2001 8:13 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] payment method


Hey guys,
The system that I'm building is going to have three options for taking
payment info from the customer:
1. No credit card/payment data accepted online; instead the customer enters
all of the *other* information and then when the domain is set up they'll be
sent instructions on how to pay (like through PayPal, or send them a
Billpoint or ProPay invoice, etc.)

Have the credit card info be kept off line.  Have it email it as an
attachment or something and the host can import it to a database off line.

2. Credit Card number will be accepted online, where the host can then plug
it in wherever they do their credit card transactions
3. Feed the total fee to a link that will lead to whatever secure webpay
gateway you might use; like PayPal or Clickbank or CCNow or a place like
that (I know, CCNow doesn't do services, it's an example)

My problem is with Option 2.
I'm really *really* wary about putting a customer's cc info anywhere on a
server where there are also hosting clients. Customers with telnet can just
go and browse into folders and gather information at their leisure - so
that's out. Even if the folder is password protected, it still won't stop
someone who's got shell access. (Unless someone can tell me what
permissions/ownerships to put on a folder so that the server can go in and
write to a file, but no one from telnet can browse in there except for
root?)
I can put the info into a MySQL table but again, I'm not comfortable enough
with the security to do this.

But I really do want the ability to let the host keep the cc info on hand
and then they've got it for monthly billing, extra fees for time spent
helping the customer, etc.

Does anyone have any suggestions about where I can dump the cc info and be
confident that it's safe?  Even a temporary situation would work, where the
info gets dumped until the host has the opportunity to go in and record it
on paper and delete the entries once a day or something - but I still want
the info to be as safe as possible (again, from telnet access).

Help?
The system is almost ready for release, this one thing is holding me up,
though.

Carrie B

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
