[OWASP-GUIDE] Anyone from a CC issuer / banking CC services here?

Mark Curphey mark at curphey.com
Thu Jun 3 15:04:22 EDT 2004

What were the contact details for that lady at Visa who contacted us?


From: owasp-guide-admin at lists.sourceforge.net
[mailto:owasp-guide-admin at lists.sourceforge.net] On Behalf Of Andrew van der
Sent: Thursday, June 03, 2004 10:34 AM
To: owasp-guide at lists.sourceforge.net
Subject: [OWASP-GUIDE] Anyone from a CC issuer / banking CC services here?

Hi there,


I wish to include something in the Guide on how to correctly deal with CC
storage and handling. I think the Guide is possibly missing something about
secret storage, which is something I think we all struggle with.  


I usually push my clients towards the Visa Merchant Guidelines
(https://www.visa.com/_gds_mod/fb/merchants/gds/downloads.html) but rarely
does that help people understand the real reasons behind why these
guidelines exist, nor is everyone I deal with a merchant. For example, I've
done work for loyalty programs before, and I've found they really didn't
understand the risk despite their close relationship with their issuing
partner (who are Visa/MC part-owners).


I see a few paragraphs detailing:


* best practices for accepting CC payments
* why you don't store any CC numbers, ever. (Except when you have to, and what to do if you have to.)
* Presenting a CC number safely to call centre staff, sending out to customers via e-mail, logging, etc
* working with auth numbers
* handling reversals
* what to look for in a CC gateway provider
* Where to go for more information


Anyone from CC issuers / bank CC departments here who wants to work on this
quickly? More to the point, is there space for it to appear in 2.0?



