I have to shift all of my customers to their service
Not really, they should handle only the operations related to the monetary transaction, and never touching the credit card info of your customers protects you from potential slander too.
If you store the keys
If you do that, you really have to be sure what you're doing. In an ideal world I would not touch anybody else's certificates, or anything else that can be used to compromise the security of their system. When the sh*t hits the fan, people will be looking for scapegoats - so I do things the standard way leveraging the capabilities provided by the platform that can be configured using tools provided by the platform vendor.
I'm not joking about the payment gateway vendors here in the US.
In the beginning, about the year 2006, one company in Denver Colorado offered the token service.
I wanted to write for Chase Payment Tech, but JP Morgan cut a deal with a company in Denver to give them all the gateway business, but in exchange, you had to use their token system. They wanted my company to pay them a huge fee to use the system ($7500.00 USD), plus change my software to a single payment gateway solution.
I did some digging, and found the API for Orbital-Salem and Tampa, and a sandbox to test against, and was able to write my code for Payment Tech.
In about the year 2010, I started getting calls from these small payment gateway start ups. Same scenario, but they claimed to pay for everything. But the terms of agreement were identical.
In the year 2011, I started getting calls every Friday morning, from various payment gateway companies offering the same exact service with the same exact terms. After a couple of months, they kept calling and started threatening me with terrible scenarios.
I've come to the conclusion that someone out there wrote a token system for payment gateways, and sold hundreds of copies of the program to cash in on the credit card processing market.
Overall when considering the trade off, with morality as the focal point, I don't want to get locked into their system, locked in to monthly fees being raised every 6 months, out of control AVS look up surcharges, Batch Capture surcharges, to the point where the normal service fee of $20.00 a month goes to $150 a month. - And then I'm trapped and I can't leave them, because my application is dependent on them.
I'm not looking at this from just a programming point of view, or the theory of practical security, shifting responsibility or blame up the ladder. I see the whole picture in play here.
I can see me getting blamed for not protecting the tokens and it all comes back on me.
I respect your opinion, and overall in theory it makes pure sense, and is the logical choice of course, but then the morality of people comes into play here.
Money, morality - those are words you seldom see mentioned in the same sentence.
I've implemented 'real security' three times in my life - I think the stuff I did works as it's supposed to, but those are the only pieces of code I've written that I've ever been really nervous about.
I like your website, nice and clean.
Thank you, I think it needs a brush-up to look modern, and lately a few pages don't work as they are supposed to. I looked long and hard at a prize-winning site when I built it, and I guess I borrowed more than a few ideas.
You lit my fire today, and hit the torture button on me.
After reading Jasmine's comment,
I was wondering who's drinking the red or blue kool-aid. (Kool-aid is a powdered drink for kids that comes in various colors and flavors, with a reference to Morpheus and the red or blue pill).
I wrote my eCommerce App, sweated out the credit card encryption and security for years, had numerous conversations on the subject. And the question I always ask myself, are they really that much better than me, or is it just talk and aggressive persuasion, projecting pure confidence on the subject as if I'm a moron, yet they did the minimum required to protect sensitive or personal information.
Perhaps it's like stealing money, you can rob it from the cash drawer, skim it, rob a bank, counterfeit it, swindle it, create digital counterfeit currency, steal it electronically, and it just goes on and on, limited only by the imagination.
Espen Harlinn wrote:
I've implemented 'real security' three times in my life
When our time comes and we pass on, we may never know the answer. You're a sharp guy, I'm sure you thought it through.
Alright, this is a dead horse for me, and I'm not going to beat it with my stick anymore.
To close, the answer I always got back was the same, - people will hack the path of least resistance. - Joe Maloney
The difference is, the token authorizes a certain thing, like a one-time payment, on a particular card. The card number itself authorizes almost anything you want to do. So, the token protects both parties.
For PCI compliance you CAN NOT store the CC NUMBER. You must obtain a token from the authorizing service and you must use that. Some tokens are one-time usage, but others may be stored to authorize monthly payments for example. You may store and display the "LAST 4" of the credit card number to help the user identify which account is being used.
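An added example, not part of the thread or of any gateway's code: one way to keep only the token and the "LAST 4" described above, with a guard that refuses to persist anything that still looks like a card number. The function names, field names and the token format are hypothetical, and the card number is the widely published Visa test value.

```python
import re

# 13-19 digits, optionally separated by spaces or dashes, not part of a longer digit run.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list[str]:
    """Return digit runs in text that look like card numbers (length + Luhn)."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def to_stored_record(customer_id: str, pan: str, gateway_token: str) -> dict:
    """Build the row to persist: token and last 4 only, never the card number."""
    digits = re.sub(r"[ -]", "", pan)
    record = {"customer_id": customer_id, "token": gateway_token, "last4": digits[-4:]}
    # Guard: fail closed if any field still carries a card number, e.g. a
    # misconfigured integration that hands the number back as the "token".
    leaked = [k for k, v in record.items() if find_pans(str(v))]
    if leaked:
        raise ValueError(f"card number found in fields: {leaked}")
    return record

def audit_rows(rows: list[dict]) -> list[tuple[int, str]]:
    """Scan existing rows (legacy tables, log extracts) for stored card numbers."""
    return [(i, k) for i, row in enumerate(rows)
            for k, v in row.items() if find_pans(str(v))]

# Constructed sample data (hypothetical customer id and token format).
TEST_PAN = "4111 1111 1111 1111"
SAMPLE_ROWS = [
    {"customer_id": "C-1001", "token": "tok_constructed_9f3a", "last4": "1111"},
    {"customer_id": "C-1002", "note": "paid by phone, card 4111111111111111"},
]
```

Running `audit_rows` over an export of an existing customer table is a quick way to find free-text fields where a card number was typed in by hand.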
Dear All, I am facing this problem when accessing the ASP.net Web Site Administration Tool. If I put my website in C: then the ASP.net Web Site Administration Tool works well, but when I try to open it for a website located somewhere else on my hard disk then it gives me the above-mentioned error.
I have added the AutoCompleteExtender feature for a text box in a user control. I have used the user control in a page. The AutoCompleteExtender feature is not working the very first time. Can someone help me with this? Moreover, I'm new to .net
This is an English language web site, not French. If you expect to get an answer at least have the courtesy to run your question through a translation tool before posting.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. nils illegitimus carborundum
In addition to being in the wrong language, this question is really too general to answer. There are a thousand techniques for creating drop-down menus with sub-menus. You need to decide on one of those techniques and attempt to implement it. If you have trouble getting it to work, come and ask questions.
I am an IT Programming graduate with MCPD and MCTS qualifications. I have been looking for an entry role since I graduated and recently I have been offered an internship. I have to start on 2013/04/06.
I am glad that this is the chance to unfold my career.
The languages that I will be using are C#, HTML, ASP.net and SQL. I have been told that I will start by designing the forms according to business rules or clients' requirements.
Can you please give me some tips in order for me to succeed in my Internship?
Here's the best tip you'll ever get about starting a new job...
Forget everything you learned in college. You are in the real world now.
I think you will find that the work environment will shock you at first. DON'T cause trouble - you are there to learn everything you didn't learn in college, which is, well, everything. So, keep in mind, when you see something that feels wrong, don't point out that it's wrong, try to figure out why it's right in the real world, and what were the lies they told you in college to make it sound right in the classroom.
I have a couple of placeholders in a form to hide / show fields depending on a boolean. My form controls are all laid out like the following, each control is on its own line and when output as html (afaik) should still be on its own line.
I don't want the controls to render on a new line. I would like the whitespace kept in the html output so it gives that single space. I've added the html below to better explain. This is what the controls in the placeholder output like, no whitespace between them even though there is whitespace / line breaks in the ASCX files as shown in my original post.