RE: Credit card transaction security

[sean.kelly () lanston com]

> From: Rick Smith [mailto:rick_smith () securecomputing com]
>
> What I have heard is that the "state of the art" is to 
> process credit cards
> on separate credit card systems, even for e-commerce sites. 
> Most sites are
> set up to offer telephone ordering and they use the approved telephone
> based system to manually enter e-commerce transactions. 
> Otherwise the bank
> refuses to handle their credit card transactions.

I would not find this at all surprising.  That the auth. is not done via the
internet does not mean it's manually entered though.  You can do it using a
modem or over a dedicated line using some special hardware.  It doesn't cost
very much to do so much as there is a lot of paperwork and verification to
go through before Visanet (or someone else) will work with you.

A few years back myself and another programmer implemented a scheme to do
all of this transparently through SQL using stored procedures.  In
hindsight, I wish that we'd shrink-wrapped the thing.

Sean