Credit Card Information Standards
-
Hi guys, I have recently joined a new company. It's a healthcare company and builds applications for your insurance providers. Now, while going through their application, I found that they are storing credit card information in their database. Now if an insurance company salesperson reviews your application, he can clearly see your credit card No. and even CVV* :~. I can clearly see that there is something wrong here. We shouldn't even show credit card information to the user himself once entered into the system. We can show him the last 4 digits and allow him to delete or add another one. I tried arguing with the guys here about this, but they don't agree. Now, are there any standards or proper guidelines about storing or handling credit card information in our websites? Or do you think it's OK to show a user's CC info to some insurance company's sales rep? Any suggestions are welcome. Thanks.
Keep DotNetting!! GeekFromIndia
-
geekfromindia wrote:
I tried arguing with guys here about this but they don't agree.
Well, they are probably wrong, however "The Decider"s[^] frequently are. ;) Regardless of your size, failure to comply can lead to steep financial and operational penalties. link[^]
led mike
-
geekfromindia wrote:
I tried arguing with guys here about this but they don't agree
Just out of interest, how did they argue against such an obvious point? a) I am lazy and I don't want to do anything I am not forced to b) I don't know how to, I didn't make the system and am not able to make such changes PS: Can I have the IP address of your database server :laugh:
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction." -Albert Einstein
-
DownUnderDev wrote:
Just out of interest, how did they argue against such an obvious point?
No need to argue, they are the Deciders [^]. :-D
DownUnderDev wrote:
PS: Can I have the IP address of your database server [Laugh]
I thought the same. :-D
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke