I'm stumped. I'm not so sure what the answer is. I'll do some research in Google and get back to you if I discover a decent answer. You should email the people at iPage as they probably know.
Wow, thanks very much for your information. I did not think it could be the issuer and thought they were all the same. I thought the only difference was branding.
You can encrypt the credit card details and store them in the database...
But only if you follow all the requirements of the PCI "regulations" and get yourself audited.
Not a solution for most osc sites.
Best to steer well clear of storing/sending cc details, even sending it between pages.
Use a merchant account so they record/process cc details and you just get the payment.
We do encryption and also wipe the details once used, which is generally within 24 hours. But would be good to use a gateway regardless...
Whoops, there you go storing cc data.
You should make sure you are PCI compliant or stop storing it.
Does not matter how long you store it for.
You could always ask your card processing helpdesk.
Unfortunately that will put you on their radar... Try reading their web site.
We have Barclays bugging me about getting a PCI DSS.
Do I have to follow all the requirements of the PCI "regulations" and get ourselves audited?
We use a merchant account so Barclays does all the credit card processing and we just get our payment.
I think the only info we pass is how much the total payment is.
Any info would be great.
After our iPage site was attacked I thought I would run through a PCI compliance check specifically designed for ecommerce.
One test came back with a number of errors suggesting to close a number of ports, but unfortunately I cannot as we use a shared server.
But then I ran another test with another PCI compliance checker which seemed to be much more geared towards the iPage website structure. It came back with 2 fails. One is explainable as it is talking about a database structure I do not use. But the 2nd fail came back with the below. Does anyone know if this is talking about osCommerce and if it is patchable? Is this explainable for PCI compliance and not a problem? Any help or advice would be great.
MD5 Hash Collision Vulnerability
Vulnerability ID: 12142
The MD5 algorithm is used to generate fixed-length identifiers for arbitrarily-sized blocks of data. Although the identifiers generated by the MD5 algorithm are intended to be unique, it has been demonstrated that the same MD5 hash can be generated by two different inputs. It is also feasible to construct X.509 and SSL certificates that are identical to valid certificates. An attacker can therefore create forged certificates that could be used to gather sensitive data from users who have inadvertently installed the wrong.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please e-mail us.
Do not use the MD5 algorithm. It is now considered cryptographically unsound.
Carefully examine SSL certificates signed by certificates using the MD5 algorithm. Use these SSL certificates with caution.
This post has been edited by : 11 February 2009, 19:03.
It is with the issuer of your SSL and the outdated encryption used within the MD5. Researching for a better SSL issuer will solve your problem.