Topic: Credit card gobbling code found on Magento sites

rcjordan

gm66

Re: Credit card gobbling code found on Magento sites
« Reply #1 on: October 01, 2018, 05:02:54 PM »
Happens every bloody year.
Civilisation is a race between disaster and education ...

ergophobe

Re: Credit card gobbling code found on Magento sites
« Reply #2 on: October 01, 2018, 06:12:53 PM »
If you're running payments through your own server, even as a pass-through with no stored credit cards, you are playing with fire and taking a risk that could result in a penalty larger than most small businesses can sustain (I believe it's $1000 per compromised card, but the credit card companies will usually work with you if it's a first offense).

Love it or hate it, I am so glad to have moved to Shopify for the one site where I was personally on the hook for PCI compliance and security. I hated that and, though you make some compromises going with SaaS for your store, not worrying about every exploit and breach has made my life better.

The vast majority of businesses that are running their own payment systems do not have the expertise to do so. I think almost every small business and most medium businesses should stop trying to maintain any payment system that runs on their server.

Does that go for iframe-based systems like embedded Stripe? I'm less fanatically religious about that... but it certainly increases your exposure, and last I looked through PCI docs and expert opinions, it's a grey area.