> Message: 1 > Date: Sat, 16 Oct 2004 08:57:47 -0700 > From: Nifty Hat Mitch <mitch48@xxxxxxxxxxxxx> > Subject: Re: InnoDB? > To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx> > Message-ID: <20041016155746.GA12973@xxxxxxxxxxxxxxxxxxx> > Content-Type: text/plain; charset=us-ascii > > > > Thank you for the reply. I understand the reasoning behind your > > response. My company and I were thinking about storing the numbers > > permanently but I guess that will not be a good idea. There is a > > firewall being deployed also. However, I do see the point. . . . . . . . > > One way to think about storing multiple customer credit card > numbers is to consider them as a liability or perhaps toxic > waste. An individual like me may be off the hook with my > credit card company if my account number is stolen once. > However your company may not be off the hook if thousands of > account numbers are released to an international crime group > should you be hacked or a trusted employee turn bad. Such an event happened to a discount store chain in my area. Several thousand card numbers were stolen from one of the store's computers. If I remember correctly, an employee made off with numbers stored online. Thousands of customers were inconvenienced because their cards were disabled before they could be notified. Several lawsuits are now in the works from banks seeking to recover the costs of replacing the compromised cards and creating new accounts. I was affected, and was extremely angry when my bank informed me of the problem. The bank manager noted that there's absolutely no need for a merchant to store credit card numbers. Once a transaction is authorized, the authorization number is all that is needed to secure payment. It goes without saying that I don't shop there anymore. Their discounts are way too expensive. Erik