Freelancers Network
 
skill list top cap
Homepage
Join the Freelancer's Network
Update your details
Find a freelancer
Post a project
Find a project
Projects Archive
Post a job
Find a job
Jobs Archive
See Dan's Pages
See Andy's Pages
Link to this site
Resources
Join/Leave Forum
Forum Messages
+Additions+ Adverts
Advertising
Contact Us
Subscribe to our newsletter - enter your email address and hit return
Freelancers.net is owned and operated by Andy Stowell and Dan Winchester
skill list end cap
guru web hostcom

Find me again on Freelancers.net

RE: FN-FORUM: Storing CC details?

date posted 16th May 2007 20:28

Far better if you need to allow "re-purchase" is to use a provide that
will provide a continuous authorisation or similar so that instead of
storing a credit card you store an authentication key which is only
valid for that card for the "agreement" that the customer has made.=20

-----Original Message-----
From: [EMAIL REMOVED] [EMAIL REMOVED] On Behalf Of Peter
Agambar
Sent: 16 May 2007 20:23
To: Andy Macnaughton-Jones
Subject: RE: FN-FORUM: Storing CC details?


Jurai,

This is covered under the data protection act, and the freedom of
information act, as well as Sarbanes Oxley, Financial regulation act and
a host of other regulations.

I think it's not the case of "can you" it's a case of " Should you".

There are some essential questions you should ask before storing CC
details.
1. What reason would you need other than making it simpler when
customers return to re-use the site.
2. Do you have the customer permission (this has to be given not
accepted as true).
3. Are you using a database that complies with BS 17799 or ISO 17799
for storing personal data.
4. The server where the database is behind a separate network layer
isolated from the internet?

If all the above is true ( and I've missed out many more) then you need
to ensure that the personal details are kept separate from the cc
details and that both are encrypted. The database has to have
referential integrity rules applied, be normalised and have a history
file.

But as far as the data protection act goes, if you have no reason to
hold the CC details then you will be in breech of the data protection
act. And this has to be a very good reason, not that it'll make life
easier reason.

Couple of useful links

http://www.opsi.gov.uk/ACTS/acts1998/19980029.htm

http://www.direct.gov.uk/en/RightsAndResponsibilities/DG_10028507


Peter=20

=20

> -----Original Message-----
> From: [EMAIL REMOVED] [EMAIL REMOVED] On Behalf Of=20
> Juraj Seffer
> Sent: 16 May 2007 19:51
> To: FN-FORUM / [EMAIL REMOVED]
> Subject: FN-FORUM: Storing CC details?
>=20
>=20
> Hi all,
>=20
> Any idea if storing Credit Card details in a database (except CVV) is=20
> legal in the UK and if it requires a licence?
>=20
> Thanks
> Jay
>=20
> --
> Freelancers, contractors earn more with Prosperity4 Call 0870 870 4414

> or visit www.prosperity4.com and benefit from Inland Revenue approved=20
> expenses today.
>=20
> To advertise here: http://www.freelancers.net/advertising.html
>=20
>=20
--
Freelancers, contractors earn more with Prosperity4 Call 0870 870 4414
or visit www.prosperity4.com and benefit from Inland Revenue approved
expenses today.

To advertise here: http://www.freelancers.net/advertising.html

Messages by Day
May 31st 2007
May 30th 2007
May 29th 2007
May 28th 2007
May 27th 2007
May 26th 2007
May 25th 2007
May 24th 2007
May 23rd 2007
May 22nd 2007
May 21st 2007
May 20th 2007
May 19th 2007
May 18th 2007
May 17th 2007
May 16th 2007
May 15th 2007
May 14th 2007
May 13th 2007
May 12th 2007
May 11th 2007
May 10th 2007
May 9th 2007
May 8th 2007
May 7th 2007
May 6th 2007
May 5th 2007
May 4th 2007
May 3rd 2007
May 2nd 2007
May 1st 2007


Messages by Month
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007


Messages by Year
2008
2007
2006
2005
2004
2003
2002
2001
2000