Re: online stores and security.
by "Nancy Whittley" <jnwhittley(at)fuse.net>
|
| Date: |
Wed, 18 Oct 2000 12:02:56 -0400 |
| To: |
"Mike Taylor" <lonewolf(at)one.net>,
<hwg-techniques(at)hwg.org> |
| References: |
one |
| |
todo: View
Thread,
Original
|
|
The shopping cart I use, gives the person a confirmation page with details
about
their order, but doesn't show the credit card number at all. A receipt is
sent to
the customer, with no credit card numbers either. My client is sent a copy
of
the order, without the credit card number. They have to log onto a secure
sever
and put in their login and password to retrieve their card numbers, so they
can
process the orders. They chose not to use Real Time Processing. Once
the numbers are retrieved, then they are deleted from the system.
I would say if your software has to display something to put the X's in as
others have
said, or eliminate that part all together and not display any numbers.
Nancy
> I think he's overreacting. How do those of you out there handle your
> order confirmation pages? What we always did (up until yesterday) was
> display the information as a confirmation for the customer's benefit and
> record keeping. We also send them an email confirmation (we do the online
> confirmation for immediacy). I can't imagine a circumstance where someone
> could retrieve someone's credit card information being displayed back to
> the client on a secure server.
HWG hwg-techniques mailing list archives,
maintained by Webmasters @ IWA