
November 30, 2009

Comments

nate

Sounds/looks like what Amazon does, I'm told they patented the process several years ago ("CC motel").

I like using temporary credit card numbers myself, I generate one on a web site, set the expiration date, set the credit limit, use it, then I go cancel the #. Don't need to worry about how good/bad the vendor's infrastructure is. Also can generate numbers for recurring payments, so if I am charged $100/mo for a year I can set up a CC# for that purpose, if the vendor tries to charge $101 for a particular month it is declined. I even had a charge be declined when a vendor changed their name (they were bought out). So I generated a new CC#.

Doesn't work quite as well at retail outlets but awesome for e-commerce stuff.

One company I worked for dealt with a lot of credit cards, and at least for some time their app had the ability to encrypt the data in the database but it had no way to decrypt it (HAH!), so we had to store the data unencrypted until the app got fixed (I left before it was fixed).

I don't know how common it is anymore but on "lesser" sites I always try to inspect the HTML to see how the CC information is being submitted, on occasion I have come across a site that just sends everything in an HTML form via email. My information may be encrypted between the server and my browser but who knows where the email is routed to.

I've had my CC# stolen one time in my life (to my knowledge), shortly after getting back from vacation, so I suppose one of the hotels or restaurants I was at swiped it. The bank caught it quick and called me and suspended the account, gave me a new #. I had to sign some form saying I didn't make those charges but I never did find out in detail what charges they were (I hadn't used the card in weeks so was certain those charges were not from me).

The more secure the better of course, I try to be as secure on my side as I can to compensate for any failings on the remote side, because it's pretty rare that an organization will admit to you how they go about collecting/storing/etc that sort of data. Maybe their employees can snag the data by turning up DEBUG logging on the apps *cough*.

Accept Payments

Many companies have been offering this now after PCI's clampdown.


Chuck Hollis


  • Chuck Hollis
    SVP, Oracle Converged Infrastructure Systems
    @chuckhollis

    Chuck now works for Oracle, and is now deeply embroiled in IT infrastructure.

    Previously, he was with VMware for 2 years, and EMC for 18 years before that, most of them great.

    He enjoys speaking to customer and industry audiences about a variety of technology topics, and -- of course -- enjoys blogging.

    Chuck lives in Vero Beach, FL with his wife and four dogs when he's not traveling. In his spare time, Chuck is working on his second career as an aging rock musician.

    Warning: do not ever buy him a drink when there is a piano nearby.

    Note: these are my personal views, and aren't reviewed or approved by my employer.