Re: SetHeader not Working

This WebDNA talk-list message is from

2006


It keeps the original formatting.
numero = 67511
interpreted = N
texte = Bess, I think you are confusing a couple of different things here.

I do recall some months ago at my day job, we kept getting emails and phone calls from some company designated by Visa to 'certify' our web security for our stored CC's (except we don't store CC's anyplace!). There were some new VISA rules (like John mentioned - these are between the merchant and Visa only) that require that you be certified *IF* you are storing CC numbers. I believe part of it was that if you are not certified and you do something that allows the numbers to get out, you agree as part of your VISA agreement to be liable for various fees and VISA fines.

On the other hand, there are new (proposed?) federal laws to go after businesses that release private personal information. While somewhat related, the government cannot throw you in jail for storing a credit card number of your end customer. I believe any such infractions are civil in nature only, not criminal.

http://www.visa.com/cisp

------------
How CISP compliance works

CISP compliance is required of all merchants and service providers that store, process, or transmit Visa cardholder data. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce.

Compliance with CISP means compliance with the PCI Data Security Standard with the required program validation. The Payment Card Industry (PCI) Data Security Standard offers a single approach to safeguarding sensitive data for all card brands. Other card companies operating in the U.S. have also endorsed the PCI Data Security Standard within their respective programs.

Using the PCI Data Security Standard as its framework, CISP provides the tools and measurements needed to protect against cardholder data exposure and compromise. The PCI Data Security Standard (PDF, 149k) consists of twelve basic requirements and corresponding sub-requirements categorized as follows:

[table removed]

Compliance validation

Separate and distinct from the mandate to comply with the PCI Data Security Standard is the *validation* of compliance whereby entities verify and demonstrate their compliance status. It is a fundamental and critical function that identifies and corrects vulnerabilities, and protects customers by ensuring that appropriate levels of cardholder information security are maintained. Visa has prioritized and defined levels of compliance validation based on the volume of transactions, the potential risk, and exposure introduced into the payment system by merchants and service providers.

Member responsibilities

Members must comply with CISP and are responsible for ensuring the compliance of their merchants, service providers, and their merchants' service providers. Acquirers must include a CISP compliance provision in all contracts with merchants and Nonmember agents. Specific compliance requirements and validation criteria are provided at this website.

CISP compliance penalties

If a member, merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa may:

* Fine the responsible member
* Impose restrictions on the merchant or its agent

Loss or theft of account information

A member or the member's service provider, or a merchant or the merchant's service provider must immediately report the suspected or confirmed loss or theft of any material or records that contain Visa cardholder data. If a member knows or suspects a security breach with a merchant or service provider, the member must take immediate action to investigate the incident and limit the exposure of cardholder data.

If a Visa member fails to immediately notify Visa USA Fraud Control of the suspected or confirmed loss or theft of any Visa transaction information, the member will be subject to a penalty of $100,000 per incident. Members are subject to fines, up to $500,000 per incident, for any merchant or service provider that is compromised and not compliant at the time of the incident.
-------------

Dale

Bess Ho wrote:
> Boy... I just get back from my trip. I have a lot to catch up. I lost my grandmother and I have to prepare and get ready for the funeral in next few wks.
>
> I can't recall all the detail. Just trust my word for now. It is not just a business policy.
>
> -----Original Message-----
> From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of
> John Peacock
> Sent: Monday, June 19, 2006 12:04 PM
> To: WebDNA Talk
> Subject: Re: SetHeader not Working
>
>

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: SetHeader not Working ( "Dan Strong" 2006)
  2. Re: SetHeader not Working ( "Bess Ho" 2006)
  3. Re: SetHeader not Working ( "Bess Ho" 2006)
  4. Re: SetHeader not Working ( Brian Fries 2006)
  5. Re: SetHeader not Working ( "Bess Ho" 2006)
  6. Re: SetHeader not Working ( Matthew Bohne 2006)
  7. Re: SetHeader not Working ( "Dan Strong" 2006)
  8. Re: SetHeader not Working ( Gary Krockover 2006)
  9. Re: SetHeader not Working ( Donovan Brooke 2006)
  10. Re: SetHeader not Working ( "Bess Ho" 2006)
  11. Re: SetHeader not Working ( "Bess Ho" 2006)
  12. Re: UCE: Re: SetHeader not Working ( Dale Lists 2006)
  13. Re: SetHeader not Working ( Dale Lists 2006)
  14. Re: SetHeader not Working ( Donovan Brooke 2006)
  15. Re: SetHeader not Working ( Sandie L Miller 2006)
  16. Re: SetHeader not Working ( Matthew Bohne 2006)
  17. Re: SetHeader not Working ( John Peacock 2006)
  18. Re: SetHeader not Working ( Matthew Bohne 2006)
  19. Re: SetHeader not Working ( Bob Minor 2006)
  20. Re: SetHeader not Working ( "Bess Ho" 2006)
  21. Re: SetHeader not Working ( John Peacock 2006)
  22. Re: SetHeader not Working ( "Bess Ho" 2006)
  23. Re: SetHeader not Working ( WJ Starck 2006)
  24. Re: SetHeader not Working ( Bob Minor 2006)
  25. Re: SetHeader not Working ( "Bess Ho" 2006)
  26. Re: SetHeader not Working ( Donovan Brooke 2006)
  27. Re: SetHeader not Working ( "Bess Ho" 2006)
  28. Re: SetHeader not Working ( WJ Starck 2006)
  29. Re: SetHeader not Working ( John Peacock 2006)
  30. Re: SetHeader not Working ( "Bess Ho" 2006)
  31. Re: SetHeader not Working ( Donovan Brooke 2006)
  32. Re: SetHeader not Working ( John Peacock 2006)
  33. Re: SetHeader not Working ( Donovan Brooke 2006)
  34. Re: SetHeader not Working ( Clint Davis 2006)
  35. Re: SetHeader not Working ( Clint Davis 2006)
  36. Re: SetHeader not Working ( WJ Starck 2006)
  37. SetHeader not Working ( Clint Davis 2006)