Quote:
Originally Posted by cstreit
It suprised me when they said they weren't sure.... It's pretty much Online Security 101 to never store the credit-card number on a publically exposed system.
|
yea that's if the company cares to go with security. back in college, i worked for a small (3 programmers) company that did web stores. select * from orders would get me couple thousand ccnumber and billing addresses.
even now, a customer service rep with good memory could take your ccnumber over the phone and jot it down. it's not as secure as people think unless you're willing to jump some hoops, such as temporary credit card numbers. and even then, it won't protect you against an angry underpaid programmer.