October 4, 2012 at 2:43 pm
Chi Chi Cabron (10/4/2012)
Thanks for all the input! I really appreciate the advice. I'll definitely ask for a meeting with the lawyer. Very good advice.
Excellent. When you're done, do me a favor? Post back here.
Last time I checked the documentation CSC cannot be stored for longer than 30 seconds and never in a permanent storage, only in a variable. If that's changed I'd really like to know it.
Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.
Twitter: @AnyWayDBA
October 15, 2012 at 12:28 pm
Evil Kraig F (10/4/2012)
Chi Chi Cabron (10/4/2012)
Thanks for all the input! I really appreciate the advice. I'll definitely ask for a meeting with the lawyer. Very good advice.
Excellent. When you're done, do me a favor? Post back here.
Last time I checked the documentation CSC cannot be stored for longer than 30 seconds and never in a permanent storage, only in a variable. If that's changed I'd really like to know it.
Amazing what a little regulation does for requirements! After looking into PCI requirements, I also found that CSC (or other authentication methods) can never be stored. So when I brought this to the attention of the department head and suggested we look into our options with the lawyer, he quickly rescinded that particular requirement. Turns out, the CSC is not required by our CC processing software; that requirement was just put there "just in case we ever needed it."
We can support the other PCI compliance requirements, so when I began going through the PCI self-assessment questionnaire with the department head, he had the brilliant idea that maybe it would be better to have the data entry employees also do the CC processing. That way, we don't have to store ANY CC data, just store the confirmation code from the CC processor.
Of course, that's what I initially suggested. But the upside is that the basic table structure that was my original question does not change, and the security considerations have become a lot more manageable.
Thanks again for all the great input.
October 15, 2012 at 12:36 pm
That's great... I have always said that even charging $1 for IT services between departments inside most companies would eliminate stuff like this. In your case the 'cost' was the extra effort and regulatory burden, and it quickly eliminated that which was not needed.
Read Dan Ariely's books on the 'irrationality of FREE'. I find it applies directly to software and/or IT departments and the way they interact with their 'customers'.
cheers,
-TD
October 15, 2012 at 12:41 pm
That is certainly good news. Nothing like having the process happen at the right spot in the business. That self-compliance checklist has been a real eye-opener for a number of people I have worked with.