[freeside-users] question about freeside credit card security

Gerard J. Cerchio gjpc at OB1Net.net
Wed Apr 5 11:43:28 PDT 2006


Hello Richard,

We never enter the CVC code into the Freeside database.  This allows us 
to comply with the CVC restriction.  CVC is not required for authorization.

I am unaware of the cryptographic requirement but if this is the law I 
would simply move the database to an encrypted volume. I am sure that 
would meet your encryption requirement without any changes to Freeside 
at all. If you wish to add encryption internal to Freeside refer to 
http://www.postgresql.org/docs/8.1/interactive/encryption-options.html 
and please publish your patches for all to share.

I have found Freeside reliable, easy to use and the perfect solution for 
our WISP. Another advantage of Freeside is that there is no "deal". You 
use it or decide not to use it.

Regards,
Gerard Cerchio

Richard Steinhoff wrote:
> Hello,
>
> I am part of a team looking at ISP billing software and freeside is very 
> attractive to us for several reasons.  However, one of our guys who, I 
> believe, is running a demo version, has come up with an issue that may be 
> a deal breaker.
>
> If you could take a look at his statement below and let me know if it is 
> correct or not, that will help us. 
>
> Thank you in advance.
>
> I took a look at the Freeside database schema, and found that it 
> violates the credit card data protection rules by storing the CVC code 
> in addition to the card number, exp. date, etc. in the customer record 
> for customers who pay by charge card.  This is what put Card Systems 
> into bankruptcy.  It also requires that the entire customer record be 
> encrypted, unless PostgreSQL can encrypt only selected columns in a 
> table.  I don't know anything about PostgreSQL's encryption capabilities 
> or lack thereof.
>
> Rich Steinhoff
> General Manager
> Terran 3 Networks, Inc. (T3NI)
> PO Box 2264
> Shallotte, NC  28459-2264
> (910) 200-0400
> rich.steinhoff at terran3.net
>   
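
On the question raised in this thread of whether PostgreSQL can encrypt only selected columns: the following is an added example, not part of either message and not Freeside code, showing column-level encryption with the pgcrypto contrib module. The table, its column names, the passphrase and the card number are constructed for illustration and are not Freeside's schema; CREATE EXTENSION assumes PostgreSQL 9.1 or later, and the :'var' quoting assumes the psql client.

```sql
-- Added example: hypothetical table, not Freeside's schema.
CREATE EXTENSION IF NOT EXISTS pgcrypto;   -- PostgreSQL 9.1+

CREATE TABLE customer_card (
    custnum     integer PRIMARY KEY,
    holder_name text    NOT NULL,   -- stored in clear
    card_last4  char(4) NOT NULL,   -- enough for display and support lookups
    card_exp    date    NOT NULL,
    card_number bytea   NOT NULL    -- OpenPGP-encrypted card number
    -- Deliberately no CVC column: the code is never written to the database.
);

-- psql variable holding the passphrase (constructed value). An application
-- should pass it as a bind parameter so it is not embedded in statement
-- text, and should keep it outside the database.
\set card_key 'constructed-example-passphrase'

-- Only the card number column is encrypted; the rest of the row is not.
INSERT INTO customer_card
    (custnum, holder_name, card_last4, card_exp, card_number)
VALUES
    (1, 'Example Customer', '1111', DATE '2030-12-31',
     pgp_sym_encrypt('4111111111111111',        -- constructed test number
                     :'card_key',
                     'cipher-algo=aes256'));

-- Routine queries never need the key.
SELECT custnum, holder_name, card_last4, card_exp
FROM customer_card;

-- Decrypt a single row only at the point the number is actually needed.
SELECT custnum,
       pgp_sym_decrypt(card_number, :'card_key') AS card_number
FROM customer_card
WHERE custnum = 1;
```

With this approach the passphrase and the decrypted value are present on the database server while the query runs, so the connection should use SSL and statement logging should be reviewed. Calling pgp_sym_decrypt with the wrong passphrase raises an error rather than returning data.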

