From: Paul M Foster on
On Mon, May 31, 2010 at 05:06:23PM -0400, tedd wrote:

> At 12:36 PM -0400 5/31/10, I wrote:
>> That's Okay, but I'm simply telling you what I KNOW to be true. You
>> may either accept what I have to say, or reject it, but to reply
>> that what I say is "Not true" is somewhat offensive and
>> confrontational. I hope you didn't mean it that way. :-)
>
> My apologies for taking what you said as I did and my reply -- it was
> wrong of me. I am sure you didn't mean anything offensive.

You are correct. I meant no offense. In turn, when I read your post, it
appeared that you were making a blanket statement applicable under all
conditions, to which I objected. However, reading back over it, you did
insert qualifiers.

Paul

--
Paul M. Foster

From: Peter Lind on
Just wondering: seems there's a bit of a misunderstanding going on
here. Are you talking about storing credit card information in a way
such that customers can do online transactions without entering that
information? Or are you talking about storing this information so your
own company can fill in the details on a monthly basis?
If 1) then the above points apply and you should not store the data,
period. If 2) then I would assume the situation is somewhat different
- though, not knowing the laws from the US I wouldn't really know.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>

From: Paul M Foster on
On Tue, Jun 01, 2010 at 09:52:54AM +0200, Peter Lind wrote:

> Just wondering: seems there's a bit of a misunderstanding going on
> here. Are you talking about storing credit card information in a way
> such that customers can do online transactions without entering that
> information? Or are you talking about storing this information so your
> own company can fill in the details on a monthly basis?
> If 1) then the above points apply and you should not store the data,
> period. If 2) then I would assume the situation is somewhat different
> - though, not knowing the laws from the US I wouldn't really know.

No to #1, yes to #2.

As for #1, companies like GoDaddy do store this information, so I know
it can be safely done.

But no, we do #2. If we were doing #1, I would turn this over to some
gateway and not save the info.

I'm not sure any of this has to do with laws. It has more to do with the
PSS and the rules of individual credit card companies (Visa, American
Express, etc.).

Paul

--
Paul M. Foster

From: Peter Lind on
On 1 June 2010 15:58, Paul M Foster <paulf(a)quillandmouse.com> wrote:
> On Tue, Jun 01, 2010 at 09:52:54AM +0200, Peter Lind wrote:
>
>> Just wondering: seems there's a bit of a misunderstanding going on
>> here. Are you talking about storing credit card information in a way
>> such that customers can do online transactions without entering that
>> information? Or are you talking about storing this information so your
>> own company can fill in the details on a monthly basis?
>> If 1) then the above points apply and you should not store the data,
>> period. If 2) then I would assume the situation is somewhat different
>> - though, not knowing the laws from the US I wouldn't really know.
>
> No to #1, yes to #2.
>
> As for #1, companies like GoDaddy do store this information, so I know
> it can be safely done.

As I noted above: the question is not whether it can be done, the
question is whether you want to be the next critter in the limelight
because *you* couldn't do it.
However, glad to hear you're not looking to do this. That brings up
the next question though: what's this got to do with PHP? If I was to
store any information like this, I certainly wouldn't code my own
storage system with built-in encryption. I would rely on one of the
many adequate cryptography programs available, made specifically for
encrypting and storing data safely.

Regards
Peter


From: tedd on
At 9:24 PM -0400 5/31/10, Paul M Foster wrote:
>On Mon, May 31, 2010 at 05:06:23PM -0400, tedd wrote:
>
>> At 12:36 PM -0400 5/31/10, I wrote:
>>> That's Okay, but I'm simply telling you what I KNOW to be true. You
>>> may either accept what I have to say, or reject it, but to reply
>>> that what I say is "Not true" is somewhat offensive and
>>> confrontational. I hope you didn't mean it that way. :-)
>>
>> My apologies for taking what you said as I did and my reply -- it was
>> wrong of me. I am sure you didn't mean anything offensive.
>
>You are correct. I meant no offense. In turn, when I read your post, it
>appeared that you were making a blanket statement applicable under all
>conditions, to which I objected. However, reading back over it, you did
>insert qualifiers.
>
>Paul

Okay, let's not get a room over this. :-)

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com