I wonder if we are breaking any laws by having customers' card details within Actinic on our PCs? I've mentioned before that I really think that Actinic should have a password system or something to avoid a stolen PC being read by the crims.
Security issue.
-
I think that you are meant to delete them when you have finished with them. That is one of the reasons that I use WorldPay - I don't like the idea of being responsible for people's credit card details.
Regards,
Jan Strassen, Mole End Software - Plugins and Reports for Actinic V4 to V11, Sellerdeck V11 to V2018, Sellerdeck Cloud
-
You might be breaking some laws. I'd guess it probably depends on how well your PC is protected. I'm sure of course that a security minded person such as yourself doesn't allow anonymous login to the admin account on your PC.
Mike
PS. I'm like Jan and use a PSP for peace of mind. I never see any credit card details and all I can do post-purchase is a refund.
-----------------------------------------
First Tackle - Fly Fishing and Game Angling
-----------------------------------------
-
Hi George
Avoiding the issue are we?
With regard to your question about breaking the law, I have not seen this written anywhere at all. At present we are investigating the whole username/password dialog for version 7.
As Mike said, you can protect your PC by not allowing anonymous login, or you could go one stage further and set up a BIOS password to prevent unauthorised access to your PC from bootup.
Kind Regards
Nadeem Rasool
SellerDeck Development
-
On the same issue, is the credit card data encrypted in the database? It's no use locking access to Actinic if the back door is open.
Mike
-----------------------------------------
First Tackle - Fly Fishing and Game Angling
-----------------------------------------
-
Kind of what I suspected. If someone managed to hack into your PC and download the database then they'd have all the customers' details including address and credit card data.
Personally, I think the CC data should be encrypted in the database. But not everything please, as access to the database is important for accounting and stock control.
Mike
-----------------------------------------
First Tackle - Fly Fishing and Game Angling
-----------------------------------------
-
Originally posted by djferros:
I don't see the problem with this. If anyone used my card fraudulently I'd just tell my card company and they would get the money back for me. (Well, that's what they say.)
-
Originally posted by fleetwood:
Dee - That's EXACTLY the problem! If someone was to steal your database of customer and credit card details, the defrauded customers could get their money back - from the RETAILER at fault. That's you and me!!!
It's not just your database you have to worry about being stolen though - if you print a Data Entry Report or Invoice, this also contains the card details, and the banks insist you retain all documentation relating to card transactions for 6 months. (Not forgetting Inland Revenue & VAT who expect you to keep 6 years' records, including "all invoices, sales slips, delivery notes, purchase orders and correspondence relating to sales"). Then of course there are telephone and mail order transactions to worry about as well, so a secure filing system would be required for all the paperwork too! (and a good shredder to dispose of all the paper safely when it can eventually be disposed of!!)
At least if your database is stolen, and you are aware it has been, you should be able to restore it from a backup, which would let you supply the police and PSP with a list of compromised cards which could then be stopped to prevent them being used.
Brian
www.flowergallery.co.uk
Located in Argyll, Scotland, UK
-
We suggest Authorize.net payment gateway. We never receive a credit card at all from any transaction completed through the web site. The gateway accepts, clears and processes all payments and all we see is an authorization code. So there is no issue with insecure databases holding credit cards. If a real time payment gateway is not an option I would suggest that you consider accepting cards securely using the Actinic software and immediately after processing the transaction through your credit card terminal remove the transaction from Actinic and purge all orders. This will remove data which should be secure from the Actinic database. You should also take proper access control procedures for your computer to protect customer data.
Now I know no one has ever read all the fine print that comes with a merchant account, however if you accept Visa credit cards then you're a member of Visa merchants and bound to the terms of the Visa merchant agreement which has very detailed requirements for the handling and processing of credit cards. I suggest a day of research is needed to review the visa.com web site and learn more about your obligations as a merchant. And btw if your database is hacked and your clients' credit cards are exploited because of your merchant data processing procedures you as the hacked merchant are liable for the purchases made through your security loophole. As well you can be fined (in the US it's 25k for a negligent breach).
Care should be taken with holding and storing credit cards. At the end of the day it's your ass if things go bad. Read all about internet merchant processing and Verified by Visa to protect yourself.
Brian
Brian Johnson
:::Sure Solutions Inc:::Professional Actinic templates from Buythisdesign.com:::
1-732-528-7635 x203
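An added example, not part of the original thread and not Actinic's own code: one way to apply the "scrub card data once the order is processed" advice above while keeping the rest of the order for accounting and stock control, as asked for earlier in the thread. It assumes a SQLite stand-in for the order database with a hypothetical `orders` table; the card numbers are constructed test values.

```python
import re
import sqlite3

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pans(text: str) -> str:
    """Replace every Luhn-valid card number in text with its last four digits."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group())
        return "****" + digits[-4:] if luhn_ok(digits) else m.group()
    return PAN_RE.sub(repl, text or "")

def purge_processed(conn) -> int:
    """Scrub card data from processed orders; customer, total and status are kept."""
    rows = conn.execute(
        "SELECT id, card_number, notes FROM orders WHERE status = 'processed'"
    ).fetchall()
    for oid, pan, notes in rows:
        conn.execute(
            "UPDATE orders SET card_number = ?, card_expiry = NULL, notes = ? WHERE id = ?",
            (mask_pans(pan), mask_pans(notes), oid),
        )
    conn.commit()
    return len(rows)

def demo():
    # Constructed sample data; hypothetical schema (assumption, not Actinic's).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL,"
                 " status TEXT, card_number TEXT, card_expiry TEXT, notes TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?,?,?,?,?,?,?)", [
        (1, "A. Smith", 25.0, "processed", "4111 1111 1111 1111", "12/05",
         "phoned, card 4111111111111111, ref 1234567890123456"),
        (2, "B. Jones", 40.0, "pending", "5500005555555559", "01/06", "awaiting stock"),
    ])
    purge_processed(conn)
    return conn.execute("SELECT id, customer, total, card_number, card_expiry, notes"
                        " FROM orders ORDER BY id").fetchall()
```

The free-text `notes` column is scanned as well because card numbers taken over the phone often end up there; printed reports and backups made before the purge still hold the full numbers and need separate handling.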
-
Yep, using PSPs gets my vote too.
People complain about the cost, but to me the time taken to manually process cards has to add up to more than the PSP charge, and not having the security issues of holding CC detail on a PC is crucial.
I had never actually thought too much about CC details and small businesses who use their own CC processing. I shall certainly bear this in mind when ordering in the future. Just imagine a small business running Actinic on a laptop....and the laptop stolen whilst its owner is on a train or in a shopping centre or just walking down the road.
Maybe the data protection act should be added to this discussion too...