Credit Card and Sensitive Data
Much more damaging to an association's reputation than altered
web content would be a breach that allowed credit card numbers to
be compromised. If a web site has forms that accept credit card
payments, these numbers must be transmitted between systems and
stored somewhere. Some options that do not require credit card
numbers to be stored on your own web servers will be discussed in
the E-Commerce section.
Compromise of credit card information has a very good chance of
permanently costing you members or customers. As one of more than a
hundred thousand customers whose credit card information was
compromised when CD Universe had one of their databases stolen, I
know from personal experience. I had to cancel the credit card
and then cancel pending purchases at other sites. Because
the other sites had no means of changing a credit card on a
pending order, I lost discounts for pre-ordered merchandise. I
had used the same or similar username and password at a number of
sites and had to change the password at all these (passwords were
also included in the stolen database). Now no two web sites
that I use have similar passwords. I requested removal of all my
information from CD Universe's databases and informed them I
would never use them again.
In a case where the actual financial losses are significant, the
card holders or issuing bank might hold the organization
that caused the compromise liable for their losses.
Even more serious
could be the exposure of personal information where the value or
damage to those whose information was exposed is intangible. A
Spanish TV game show used a web site to collect contestant
information. The web site was compromised and the contestant
information made public. The game show producers are facing many
millions of dollars in lawsuits. Admittedly European privacy laws
are strong and US laws weak. Still, depending on what sensitive
information is compromised and the losses such compromise might result
in, there could be financial or legal repercussions in addition to
the loss of reputation as a result of a major web site compromise.
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of (or cgi-bin/ from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is