Re: SetHeader not Working

This WebDNA talk-list message is from 2006. It keeps the original formatting.
Hey Dale,

I think you are closer to the picture.

Bess

-----Original Message-----
From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of Dale Lists
Sent: Monday, June 19, 2006 1:21 PM
To: WebDNA Talk
Subject: Re: SetHeader not Working

Bess,

I think you are confusing a couple of different things here. I do recall some months ago at my day job, we kept getting emails and phone calls from some company designated by Visa to 'certify' our web security for our stored CC's (except we don't store CC's anyplace!). There were some new VISA rules (like John mentioned - these are between the merchant and Visa only) that require that you be certified *IF* you are storing CC numbers. I believe part of it was that if you are not certified and you do something that allows the numbers to get out, you agree as part of your VISA agreement to be liable for various fees and VISA fines.

On the other hand, there are new (proposed?) federal laws to go after businesses that release private personal information. While somewhat related, the government can not throw you in jail for storing a credit card number of your end customer. I believe any such infractions are civil in nature only, not criminal.

http://www.visa.com/cisp

------------

How CISP compliance works

CISP compliance is required of all merchants and service providers that store, process, or transmit Visa cardholder data. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. Compliance with CISP means compliance with the PCI Data Security Standard with the required program validation. The Payment Card Industry (PCI) Data Security Standard offers a single approach to safeguarding sensitive data for all card brands. Other card companies operating in the U.S. have also endorsed the PCI Data Security Standard within their respective programs.

Using the PCI Data Security Standard as its framework, CISP provides the tools and measurements needed to protect against cardholder data exposure and compromise. The PCI Data Security Standard (PDF, 149k) consists of twelve basic requirements and corresponding sub-requirements categorized as follows:

[table removed]

Compliance validation

Separate and distinct from the mandate to comply with the PCI Data Security Standard is the *validation* of compliance whereby entities verify and demonstrate their compliance status. It is a fundamental and critical function that identifies and corrects vulnerabilities, and protects customers by ensuring that appropriate levels of cardholder information security are maintained. Visa has prioritized and defined levels of compliance validation based on the volume of transactions, the potential risk, and exposure introduced into the payment system by merchants and service providers.

Member responsibilities

Members must comply with CISP and are responsible for ensuring the compliance of their merchants, service providers, and their merchants' service providers. Acquirers must include a CISP compliance provision in all contracts with merchants and Nonmember agents.

Specific compliance requirements and validation criteria are provided at this website.

CISP compliance penalties

If a member, merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa may:

* Fine the responsible member
* Impose restrictions on the merchant or its agent

Loss or theft of account information

A member or the member's service provider, or a merchant or the merchant's service provider must immediately report the suspected or confirmed loss or theft of any material or records that contain Visa cardholder data.

If a member knows or suspects a security breach with a merchant or service provider, the member must take immediate action to investigate the incident and limit the exposure of cardholder data.

If a Visa member fails to immediately notify Visa USA Fraud Control of the suspected or confirmed loss or theft of any Visa transaction information, the member will be subject to a penalty of $100,000 per incident.

Members are subject to fines, up to $500,000 per incident, for any merchant or service provider that is compromised and not compliant at the time of the incident.

-------------

Dale

Bess Ho wrote:
> Boy... I just got back from my trip. I have a lot to catch up on. I lost my grandmother and I have to prepare and get ready for the funeral in the next few weeks.
>
> I can't recall all the detail. Just trust my word for now. It is not just a business policy.
>
> -----Original Message-----
> From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of
> John Peacock
> Sent: Monday, June 19, 2006 12:04 PM
> To: WebDNA Talk
> Subject: Re: SetHeader not Working
>

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: SetHeader not Working ( "Dan Strong" 2006)
  2. Re: SetHeader not Working ( "Bess Ho" 2006)
  3. Re: SetHeader not Working ( "Bess Ho" 2006)
  4. Re: SetHeader not Working ( Brian Fries 2006)
  5. Re: SetHeader not Working ( "Bess Ho" 2006)
  6. Re: SetHeader not Working ( Matthew Bohne 2006)
  7. Re: SetHeader not Working ( "Dan Strong" 2006)
  8. Re: SetHeader not Working ( Gary Krockover 2006)
  9. Re: SetHeader not Working ( Donovan Brooke 2006)
  10. Re: SetHeader not Working ( "Bess Ho" 2006)
  11. Re: SetHeader not Working ( "Bess Ho" 2006)
  12. Re: UCE: Re: SetHeader not Working ( Dale Lists 2006)
  13. Re: SetHeader not Working ( Dale Lists 2006)
  14. Re: SetHeader not Working ( Donovan Brooke 2006)
  15. Re: SetHeader not Working ( Sandie L Miller 2006)
  16. Re: SetHeader not Working ( Matthew Bohne 2006)
  17. Re: SetHeader not Working ( John Peacock 2006)
  18. Re: SetHeader not Working ( Matthew Bohne 2006)
  19. Re: SetHeader not Working ( Bob Minor 2006)
  20. Re: SetHeader not Working ( "Bess Ho" 2006)
  21. Re: SetHeader not Working ( John Peacock 2006)
  22. Re: SetHeader not Working ( "Bess Ho" 2006)
  23. Re: SetHeader not Working ( WJ Starck 2006)
  24. Re: SetHeader not Working ( Bob Minor 2006)
  25. Re: SetHeader not Working ( "Bess Ho" 2006)
  26. Re: SetHeader not Working ( Donovan Brooke 2006)
  27. Re: SetHeader not Working ( "Bess Ho" 2006)
  28. Re: SetHeader not Working ( WJ Starck 2006)
  29. Re: SetHeader not Working ( John Peacock 2006)
  30. Re: SetHeader not Working ( "Bess Ho" 2006)
  31. Re: SetHeader not Working ( Donovan Brooke 2006)
  32. Re: SetHeader not Working ( John Peacock 2006)
  33. Re: SetHeader not Working ( Donovan Brooke 2006)
  34. Re: SetHeader not Working ( Clint Davis 2006)
  35. Re: SetHeader not Working ( Clint Davis 2006)
  36. Re: SetHeader not Working ( WJ Starck 2006)
  37. SetHeader not Working ( Clint Davis 2006)