Internet.com ISP-Planet

 



ISP Webhosting

Best of the ISP-Lists

Credit Card Conundrum

Members of the ISP-Webhosting list discuss an e-commerce question: If your webhosting clients are storing credit card information on your system, are you liable for damages if that information is stolen?

[April 11, 2001]

On the ISP-Webhosting list in April, DN inquired,

"Some of our website developer partners are starting to do more e-commerce. I recently found out that they are storing credit card information on our servers. I am concerned that if we get hacked, someone will come back and sue us. Any advice?"

A number of respondents suggested keeping such data away from the web server:

[JM offered] "If a client needs to store sensitive data, they shouldn't be doing so on shared servers. A lot more security can be placed on dedicated machines. Plus, for most e-commerce applications, it's unnecessary to store credit card information. Developers should be encouraged not to store any sensitive data on public servers."

[GW warned] "Don't ever put anything of a business critical or sensitive nature on a web server! They just aren't that secure. Such things should be put on a second server behind another firewall. The web server should only be used for serving up pages."

Others observed that you really can't prevent hackers from getting in, but you can encrypt the data inside:

[JM noted] "Virtually any network is hackable. It's the responsibility of the developer to store credit card numbers or other sensitive data on the database server using strong encryption. Then even if you do get hacked, there should be relatively little damage."

[WW agreed] "It really is not difficult to make sure that the credit card data is encrypted in the database."

TA suggested that it's best to leave the technical side of things alone and just cover yourself legally:

"This is more of a network administrator thing than a web programmer thing. We give our clients the option of storing sensitive data. If they decide they want to, though, we make sure they understand that, while we take reasonable precautions, there is still a chance that data can be stolen, and they agree not to hold us responsible."

—End

Related articles:
  [Feb. 14, 2001] When Subscribers Pay You With Theft
  [Dec. 23, 2000] Transaction Processing Services
  [Jun. 15, 2000] IP Security and NAT: Oil and Water?

   