Bugtraq mailing list archives
Re: VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE
From: David Frascone <dave () frascone com>
Date: Sat, 5 Jan 2002 19:21:53 -0600
It really depends on the application. The cart I maintain gets the info back from verisign via the post, *and* an e-mailed recript. Also, we routinely verify large orders at verisign directly. I'll admit that it's a hole, I just don't think it's a very big one. Just my $.02 worth, Dave On Friday, 04 Jan 2002, keith royster wrote:
PAYFLOW LINK SERVICE DESCRIPTION: The final checkout page of various online shopping cart applications presents the shopper with a form asking for credit card acct#, exp date, etc. When the shopper submits the form, the data is sent directly to the vendor's PayFlow Link account at Verisign for validation. If the credit card information is validated, Verisign authorizes payment and submits the data back to the vendors shopping cart application. When the vendor's shopping app receives this data, it assumes payment was authorized and finalizes the order for the vendor to fill and ship it.
Current thread:
- VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE keith royster (Jan 04)
- <Possible follow-ups>
- Re: VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE David Frascone (Jan 05)