Re: SetHeader not Working
This WebDNA talk-list message is from 2006
Hey Dale,

I think you are closer to the picture.

Bess

-----Original Message-----
From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf Of Dale Lists
Sent: Monday, June 19, 2006 1:21 PM
To: WebDNA Talk
Subject: Re: SetHeader not Working

Bess,

I think you are confusing a couple of different things here. I do recall some months ago at my day job, we kept getting emails and phone calls from some company designated by Visa to 'certify' our web security for our stored CC's (except we don't store CC's anyplace!). There were some new VISA rules (like John mentioned - these are between the merchant and Visa only) that requires that you be certified *IF* you are storing CC numbers. I believe part of it was that if you are not certified and you do something that allows the numbers to get out, you agree as part of your VISA agreement to be liable for various fees and VISA fines.

On the other hand, there are new (proposed?) federal laws to go after businesses that release private personal information. While somewhat related, the government can not throw you in jail for storing a credit card number of your end customer. I believe any such infractions are civil in nature only, not criminal.

http://www.visa.com/cisp/

------------

How CISP compliance works

CISP compliance is required of all merchants and service providers that store, process, or transmit Visa cardholder data. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. Compliance with CISP means compliance with the PCI Data Security Standard with the required program validation. The Payment Card Industry (PCI) Data Security Standard offers a single approach to safeguarding sensitive data for all card brands. Other card companies operating in the U.S. have also endorsed the PCI Data Security Standard within their respective programs.

Using the PCI Data Security Standard as its framework, CISP provides the tools and measurements needed to protect against cardholder data exposure and compromise. The PCI Data Security Standard (PDF, 149k) consists of twelve basic requirements and corresponding sub-requirements categorized as follows:

[table removed]

Compliance validation

Separate and distinct from the mandate to comply with the PCI Data Security Standard is the *validation* of compliance whereby entities verify and demonstrate their compliance status. It is a fundamental and critical function that identifies and corrects vulnerabilities, and protects customers by ensuring that appropriate levels of cardholder information security are maintained. Visa has prioritized and defined levels of compliance validation based on the volume of transactions, the potential risk, and exposure introduced into the payment system by merchants and service providers.

Member responsibilities

Members must comply with CISP and are responsible for ensuring the compliance of their merchants, service providers, and their merchants' service providers. Acquirers must include a CISP compliance provision in all contracts with merchants and Nonmember agents.

Specific compliance requirements and validation criteria are provided at this website.

CISP compliance penalties

If a member, merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa may:

* Fine the responsible member
* Impose restrictions on the merchant or its agent

Loss or theft of account information

A member or the member's service provider, or a merchant or the merchant's service provider must immediately report the suspected or confirmed loss or theft of any material or records that contain Visa cardholder data.

If a member knows or suspects a security breach with a merchant or service provider, the member must take immediate action to investigate the incident and limit the exposure of cardholder data.

If a Visa member fails to immediately notify Visa USA Fraud Control of the suspected or confirmed loss or theft of any Visa transaction information, the member will be subject to a penalty of $100,000 per incident.

Members are subject to fines, up to $500,000 per incident, for any merchant or service provider that is compromised and not compliant at the time of the incident.

-------------

Dale

Bess Ho wrote:
> Boy... I just get back from my trip. I have a lot to catch up. I lost my grandmother and I have to prepare and get ready for the funeral in next few wks.
>
> I can't recall all the detail. Just trust my word for now. It is not just a business policy.
>
> -----Original Message-----
> From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf Of John Peacock
> Sent: Monday, June 19, 2006 12:04 PM
> To: WebDNA Talk
> Subject: Re: SetHeader not Working

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
"Bess Ho"