[linux-elitists] TrustCommerce

Jonathan Corbet corbet-elite@lwn.net
Thu Aug 14 09:29:58 PDT 2003


> Instead of retaining the user's credit card, they assign a billing
> authorization code for that account and you retain that on file and
> present it for future billings.  If your system is ever compromised
> and someone makes off with the authorization codes, you can simply
> tell the processor to blacklist all codes that have been assigned
> to you.

We use the TrustCommerce billing ID mechanism too; it's even better than
that, really.  If somebody breaks our server and gets all the billing IDs,
the *only* thing they can do with those IDs is charge more money into *our*
account.  Unless the cracker also figures out a way to get money out of our
bank account, the billing IDs are useless to them, even before they get
cancelled.

This whole mechanism helps me sleep better at night.  

jon
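
A toy model of the billing-ID mechanism discussed in this message, added here as an illustration; it is not part of the original post and not TrustCommerce's API. The `ToyProcessor` class, the merchant names and the test card numbers are constructed assumptions.

```python
import secrets

class ToyProcessor:
    """Constructed model of a processor-side card vault (hypothetical, for illustration)."""

    def __init__(self):
        self._vault = {}      # billing_id -> (merchant_id, card_number)
        self._revoked = set()
        self.settled = {}     # merchant_id -> total cents settled to that merchant

    def store(self, merchant_id, card_number):
        # The card number stays with the processor; the merchant keeps only the opaque ID.
        billing_id = secrets.token_hex(8)
        self._vault[billing_id] = (merchant_id, card_number)
        return billing_id

    def charge(self, merchant_id, billing_id, cents):
        entry = self._vault.get(billing_id)
        if entry is None or billing_id in self._revoked:
            return "declined: unknown or blacklisted billing ID"
        owner, _card = entry
        if owner != merchant_id:
            # Assumption: an ID is only honoured under the account it was issued to.
            return "declined: billing ID not issued to this merchant"
        # Funds always settle to the merchant that owns the ID.
        self.settled[owner] = self.settled.get(owner, 0) + cents
        return "approved"

    def blacklist_all(self, merchant_id):
        ids = [b for b, (m, _) in self._vault.items() if m == merchant_id]
        self._revoked.update(ids)
        return len(ids)

def demo():
    p = ToyProcessor()
    # Constructed sample data: well-known test card numbers, made-up merchants.
    ids = [p.store("merchant-A", c) for c in ("4111111111111111", "4242424242424242")]
    stolen = list(ids)  # all that a compromised merchant-A server would hold
    results = {
        "other_account": p.charge("merchant-X", stolen[0], 5000),
        "victim_account": p.charge("merchant-A", stolen[0], 5000),
    }
    results["revoked"] = p.blacklist_all("merchant-A")
    results["after_blacklist"] = p.charge("merchant-A", stolen[1], 5000)
    results["settled"] = dict(p.settled)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```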


