[freeside-users] question about freeside credit card security
Richard Steinhoff
rich.steinhoff at TERRAN3.NET
Wed Apr 5 08:51:33 PDT 2006
Hello,
I am part of a team looking at ISP billing software and freeside is very
attractive to us for several reasons. However, one of our guys who, I
believe is running a demo version, has come up with an issue that may be
a deal breaker.
If you could take a look at his statement below and let me know if it is
correct or not, that will help us.
thank you in advance.
I took a look at the Freeside database schema, and found that it
violates the credit card data protection rules by storing the CVC code
in addition to the card number, exp. date, etc. in the customer record
for customers who pay by charge card. This is what put Card Systems
into bankruptcy. It also requires that the entire customer record be
encrypted, unless PostgreSQL can encrypt only selected columns in a
table. I don't know anything about PostgreSQL's encryption capabilities
or lack thereof.
Rich Steinhoff
General Manager
Terran 3 Networks, Inc. (T3NI)
PO Box 2264
Shallotte, NC 28459-2264
(910) 200-0400
rich.steinhoff at terran3.net
More information about the freeside-users
mailing list