6 Replies - 1645 Views - Last Post: 20 August 2008 - 02:25 AM

#1 didgy58 (D.I.C Head)

credit card and databases

Posted 19 August 2008 - 02:25 AM

Hi guys, just wondering about your point of view on this next question; it's kind of open to all people so I placed it here.

I'm currently working as a web developer and we have a client who is being very stubborn. He wants to have an online shop; no trouble, we've done this many times before. Now, we suggested using the likes of PayPal, WorldPay etc. to handle the transactions (which average 1 a week!!!). He says no, as he has a PDQ machine he is already paying for at work that he uses for telephone orders and wants to use this. This PDQ can be upgraded for internet use but he doesn't want to pay the extra.

He wants us to store credit card details in a database where he can access these and run them through his PDQ machine offline. Now, we have said no!!! as this isn't right; if that DB gets hacked then all those details are vulnerable. He didn't want to pay the extra percentage costs that occur when using PayPal, but was willing to get his own server and host the DB on there to store the details so it has no connection with us at all. Now I'm just wondering what you guys think.

Have you ever had any customers like this, and how would you go about solving this kind of issue? 'Cause we are at loggerheads; we have done a load of work on the rebuild etc. and it is starting to get to us!!!


Replies To: credit card and databases

#2 no2pencil (Admiral Fancy Pants)

Re: credit card and databases

Posted 19 August 2008 - 02:46 AM

If you are storing credit cards in a database, they had better meet the Payment Card Industry (PCI) Data Security Standard (DSS). If the customer decides to be completely stubborn, it might be better off financially to lose him as a customer, & allow him to sink on his own ship.

But to answer your question, yes, customers can be extremely difficult. I've had a few that want to change everything at the last moment, & they expect the world. There was even one customer who seems to think that code is just created out of thin air, & that everything conveniently point-&-clicks itself right into place. I showed her the nearly 2 thousand lines of code *from 3 PHP files*. Threw the paper down *Slam* "Here, maybe you'd like to help me debug this?!"

#3 BenignDesign (holy shitin shishkebobs)

Re: credit card and databases

Posted 19 August 2008 - 04:19 AM

I have to agree with No2 on this one. Ditch the client. Regardless of man-hours invested. Regardless of how much money the rebuild was worth. Ditch the guy.

A temporary loss right now is a much smaller setback than a lawsuit later on. It sounds to me like he's going to sink his ship and yours.

This post has been edited by BenignDesign: 19 August 2008 - 04:20 AM


#4 Amadeus (g+ + -o drink whiskey.cpp)

Re: credit card and databases

Posted 19 August 2008 - 05:31 AM

It's possible that dropping the client may not be feasible... although the OP did not mention it, this client could represent a significant percentage of the firm's business.

I'd suggest a two pronged approach:

1. Prepare a business case that details the costs of each solution, both short and long term (third-party app like PayPal vs. in-house hosted requirements).
2. Assuming the client will still refuse, I'd suggest reviewing the link that no2 has provided, and developing a solution that takes security of the box (physical and connection) as well as security of the information (read: encryption/decryption) into account. It can be done; many companies have in-house payment and financial information processing systems. At the very least you'd need some good encryption/decryption methods (preferably not something every Tom/Dick/Harry uses) and a secure location for the box. You'd then need to design the solution in such a way that the box can only be accessed by a limited (preferably one) number of connections.
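The encrypt-at-rest design Amadeus sketches (card data encrypted before it touches the database, with decryption confined to one restricted box), as an added example in Go that is not code from this thread or from any poster. It assumes the standard AES-256-GCM construction from Go's crypto/cipher (the post names no specific cipher), a key that lives outside the database host (here a constructed in-memory key; a real deployment would load it from a key file, HSM or KMS on a separate machine), and a constructed test card number. It validates the PAN with the Luhn check before storing anything, stores only a masked copy for staff to see, binds that masked copy into the authenticated data so a ciphertext copied into another customer's row fails to decrypt, and deliberately has no field for the card verification code, which PCI DSS prohibits storing after authorisation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// StoredCard is the only shape that reaches the database: the PAN is never written
// in the clear, and there is no field for the CVV, which PCI DSS forbids storing.
type StoredCard struct {
	MaskedPAN  string // first six and last four digits, safe for staff to see
	Ciphertext string // base64(nonce || AES-GCM(PAN)), useless without the key
}

// luhnValid reports whether s is 12-19 digits that pass the Luhn check.
func luhnValid(s string) bool {
	if len(s) < 12 || len(s) > 19 {
		return false
	}
	sum, double := 0, false
	for i := len(s) - 1; i >= 0; i-- {
		if s[i] < '0' || s[i] > '9' {
			return false
		}
		d := int(s[i] - '0')
		if double {
			if d *= 2; d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// newGCM builds the AES-GCM AEAD; the key must be 16, 24 or 32 bytes.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptCard validates the PAN and returns the record to store. The masked PAN is
// bound in as authenticated data, so a ciphertext moved to another row fails to open.
func EncryptCard(key []byte, pan string) (StoredCard, error) {
	pan = strings.NewReplacer(" ", "", "-", "").Replace(pan)
	if !luhnValid(pan) {
		return StoredCard{}, errors.New("invalid card number")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return StoredCard{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredCard{}, err
	}
	// First six and last four digits are the usual display limit; the rest is masked.
	masked := pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
	ct := gcm.Seal(nonce, nonce, []byte(pan), []byte(masked))
	return StoredCard{MaskedPAN: masked, Ciphertext: base64.StdEncoding.EncodeToString(ct)}, nil
}

// DecryptCard is the only operation that needs the key; it belongs on the restricted
// machine that feeds the PDQ terminal, not on the web server.
func DecryptCard(key []byte, rec StoredCard) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	raw, err := base64.StdEncoding.DecodeString(rec.Ciphertext)
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", errors.New("malformed record")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], []byte(rec.MaskedPAN))
	if err != nil {
		return "", errors.New("decryption failed: wrong key or record tampered with")
	}
	return string(pt), nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; production loads it from a key file, HSM or KMS on a separate host
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	rec, err := EncryptCard(key, "4111 1111 1111 1111") // constructed test PAN
	if err != nil {
		panic(err)
	}
	pan, err := DecryptCard(key, rec)
	fmt.Println(rec.MaskedPAN, pan, err)
}
```

Everything the web shop itself needs (showing staff which card an order used, matching a customer to an order) works from the masked column without the key, so the key and DecryptCard can be confined to the one machine with the PDQ terminal. None of this takes the system out of PCI DSS scope: the database host, the key host and the machine that decrypts are all in scope, which is the cost the client is trying to avoid by not using a hosted gateway.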

#5 Moonbat (D.I.C Regular)

Re: credit card and databases

Posted 19 August 2008 - 01:56 PM

Maybe it's because I haven't worked in a corporate-type environment before, but couldn't the OP just make the client agree to a lengthy "If X goes wrong we aren't responsible" disclaimer?

#6 JBrace1990 (D.I.C Addict)

Re: credit card and databases

Posted 19 August 2008 - 02:57 PM

Possibly, but I doubt that would stand up from a legal standpoint... something like credit card numbers is a very serious problem... I'd tell the boss to either go with PayPal, or they're open from a legal standpoint...

#7 didgy58 (D.I.C Head)

Re: credit card and databases

Posted 20 August 2008 - 02:25 AM

Thanks for all the comments. There has been a lengthy debate with the client, still no outcome, and he has threatened to go with another company. Our reply was: OK, np, I'm sure you'll get the same answer from them as well!!!