Questions tagged [e-commerce]

58 questions
Shop saves credit card data from guest orders (3 votes, 2 answers)

A web shop allows customers to order as guest or to create an account. I ordered as guest, entered my email address and the shipping address, and paid per credit card (I had to enter the security code). Some weeks later, I ordered something else,…
Asked by unor
Is PCI Compliance mandatory? (3 votes, 2 answers)

I recently started working on an eCommerce addition to a site I'm working on. In my research looking for a way to do SSL without a certificate/a free certificate I came across PCI Compliance. I have been reading the PCI DSS Requirements from:…
Asked by Vinc
Is it normal for a payment procedure to ask for third party cookies to be turned on? (3 votes, 2 answers)

I was trying to pay for mobile phone credit online from a service provider. I selected the amount to pay and clicked next to continue. The following page asked me to turn on third party cookies if I wanted to proceed. I thought that this wasn't…
Driver's license required for online purchases (3 votes, 3 answers)

Problem: I tried to buy a few things from a particular industry, and the sellers are independently all asking for a copy of my driver's license to verify that it matches the details on the card because someone is telling them they need to do that. …
Script tag loading "xss.re/692" in e-commerce transaction data - real attack or something else? (3 votes, 1 answer)

An e-commerce site I run recently received a suspicious transaction. The field for customer's name included a script tag, like so (customer's name changed to John Doe to protect anonymity): John Doe"> The note…
Asked by Robert
Decentralized e-commerce site, what to do about SSL/security? (2 votes, 1 answer)

I'm building a service that is basically a decentralized Amazon. Basically, each seller hosts a copy of the site, at their own IP address, and accepts (bitcoin) payments using a self-hosted bitcoin wallet that I made for this purpose. My difficulty…
Asked by thouliha
Using OAuth as Security For E-Commerce Sites (2 votes, 1 answer)

I need some help in understanding the security risks if I want to use OAuth 2.0 (Facebook, Twitter and G+) as standard login provider for an E-Commerce site. Keeping in mind that I will not be saving Credit Card information on the site or in any of…
Would chip-and-PIN have prevented the Target breach? (2 votes, 2 answers)

Would chip-and-PIN have prevented the Target breach? As we all know, Target was breached and the hackers stole lots of credit card numbers. Target is now advocating for chip-and-PIN, as a way to provide better security for credit cards. This makes…
Asked by D.W.
PCI Compliance Distribution (2 votes, 2 answers)

I run a small e-commerce website hosted on a dedicated server with Debian 6 Squeeze. I need to become PCI compliant (the card industry standard for security). Therefore I have registered with TrustWave TrustKeeper which scans my site for potential…
Asked by Ren
How can I protect my eCommerce site from stolen credit cards? (2 votes, 3 answers)

The case would be that someone with a stolen credit card registers on my site, and uses the stolen credit card details to purchase services through my site. How can I protect my eCommerce site from stolen credit cards? What actions can I take to…
PCI scope for a Direct-Post e-commerce site (SAQ A-EP) (2 votes, 1 answer)

An e-commerce site uses the Direct-Post method (see page 14 PCI e-commerce security). Is the server for the e-commerce application and network it resides on in scope for PCI? There are questions in the SAQ A-EP for servers and networking that…
Asked by J. Lam
Final-Mile Shipping Company Wants Customer Email Address - PCI Compliance Issue? (United States) (2 votes, 2 answers)

My company ships very large, very heavy products to the homes of everyday consumers (think big home renovation materials). Currently, we provide the customer's name, shipping address, and phone number to the factory. The factory then provides that…
Is taking CC info in plain HTML elements, but using a library like Stripe to tokenize PCI compliant? (2 votes, 2 answers)

I am building a site which will accept payments. I will be processing payments with either Stripe or Square. Stripe now has Stripe Elements, and Square has Square Payment Form. I have tried Square Payment form but it's hard to customize and loads…
Asked by pcinewb
PCI-DSS requirements regarding long exposure to critical vulnerability (RCE) (2 votes, 2 answers)

Suppose we have an e-commerce website where payment is done via redirection to a payment provider, with no processing / storage of cardholder data at our site (I'll update if needed with exact PCI merchant category, but I understand that it's the…
Asked by ack__
PCI DSS Compliance for Client (2 votes, 2 answers)

I'm new to PCI DSS. I'm coding a custom WordPress plugin for a client of ours which shows a form on their websites. This form will take the customer's name, email, quote number, amount, and card details. When they submit the form, a script will send…
Asked by AshboDev