Cre8asiteforums

Web Site Design, Usability, SEO & Marketing Discussion and Support

johnglynn

Credit Card Law

I own a web development company. In the past, clients wanted credit card processing, which was simple enough: SSL and a merchant account and we were off and running. But now I have a client who needs to store credit card information (previously nothing was stored). I have read a great deal on how to do this, but I have been unable to find the legal implications of doing this. Does anyone know of a reliable resource on credit card storage law?

 

Great forum, thanks!

 

John Glynn

Here is some basic info for starters:

 

Protecting Personal Information in Third Party Hands: An Overview of Legal Requirements

Margaret P. Eisenhauer

6 January 2006

 

RSS White Paper on Enterprise Identity Theft

 

The Gramm-Leach-Bliley Act

 

California Privacy Legislation

AB 1950 in particular

 

Realize that the laws are still somewhat vague, but however vague, they essentially require you to make an effort to protect stored personal information. If you do not take reasonable measures to protect the data you collect and store, you could be held liable based upon implied fiduciary responsibility.

 

And that is not just your client, but you the vendor as well. :)

 

IMHO, the basic steps are at minimum: make sure the database is secure, passwords are controlled and changed regularly, and the cc nums are encrypted inside the table.

 

-Jeff

Edited by Jozian

Jeff,

 

Thank you for the thorough response, more detail than I was expecting or getting anywhere else. I will read through the links you have sent me. Thank you again.

 

John
