Credit Card and Sensitive Data

Much more damaging to an association's reputation than altered web content would be a breach that allowed credit card numbers to be compromised. If a web site has forms that accept credit card payments, these numbers must be transmitted between systems and stored somewhere. Some options that do not require credit card numbers to be stored on your own web servers will be discussed in the E-Commerce section.

Compromise of credit card information has a very good chance of permanently losing members or customers. As one of more than a hundred thousand customers whose credit card information was compromised when CD Universe had one of their databases stolen, I know from personal experience. I had to cancel the credit card and then cancel pending purchases at other sites. Because the other sites had no means of changing a credit card on a pending order, I lost discounts for pre-ordered merchandise. I had used the same or similar username and password at a number of sites and had to change the password at all these (passwords were also included in the stolen database). Now no two web sites that I use have similar passwords. I requested removal of all my information from CD Universe's databases and informed them I would never use them again.

In a case where the actual financial loses are significant, the card holders or issuing bank might hold the organization that caused the compromise, liable for their loses.

Even more serious could be the exposure of personal information where the value or damage to those whose information was exposed is intangible. A Spanish TV game show used a web site to collect contestant information. The web site was compromised and the contestant infomation made public. The game show producers are facing many millions of dollars in law suits. Admittedly European privacy laws are strong and US laws weak. Still, depending on what sensitive information is compromised and the losses such compromise might result in, there could be financial or legal repercussions in addition to the loss of reputation as a result of a major web site compromise.

Top of Page - Site Map

Copyright © 2000 - 2014 by George Shaffer. This material may be distributed only subject to the terms and conditions set forth in http://GeodSoft.com/terms.htm (or http://GeodSoft.com/cgi-bin/terms.pl). These terms are subject to change. Distribution is subject to the current terms, or at the choice of the distributor, those in an earlier, digitally signed electronic copy of http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the time of the distribution. Distribution of substantively modified versions of GeodSoft content is prohibited without the explicit written permission of George Shaffer. Distribution of the work or derivatives of the work, in whole or in part, for commercial purposes is prohibited unless prior written permission is obtained from George Shaffer. Distribution in accordance with these terms, for unrestricted and uncompensated public access, non profit, or internal company use is allowed.