Recent Posts

Open Discussion / Delegation is so hard
« Last post by Mike on December 17, 2019, 11:58:26 AM »
My growth area is delegation, which I've heard is hard for everyone.  I've been slowly working on it but recently (i.e. last week) we increased the number of programmers to the point where I had to split the team into two groups to avoid them getting in each other's way.  As part of that I made the two programmer 2s the main point of contact for their group.  Gotta say, I'm really liking this.  I now have more time and energy to look over the work, hold the standards, and really think in depth about the project.  All while reducing my stress.

The best part is that we are getting ahead of schedule.  Originally these two components were budgeted for two weeks each (4 weeks total).  With the split I changed them to 3 weeks (but since they were parallel it is 3 weeks total).  Well, we are on track to get those components done in two weeks which is awesome!

One thing that has helped me is that I have work plans for these components that the team follows and updates as they go.  I can then review the plans to see where we are at versus where we should be.  That and a manager who keeps pushing me to delegate more with specific examples (e.g. have _____ do that, give it to one of the programmers, etc).
Programming / Re: PCI Question
« Last post by tgm on December 13, 2019, 10:32:00 PM »
Just use Stripe.
Programming / Re: PCI Question
« Last post by micah on December 13, 2019, 12:23:56 AM »
For what it's worth (and I can imagine it might be a tough sell to some clients), he might be better served using Stripe for online transactions (separate from his Comerica account) and then just set up Stripe to disperse funds to his other account on a rolling basis.  Makes the programming way easier for you (and thus cost effective for him) and greatly limits his (and your) liability.  Not to mention, many traditional card merchants charge hefty fees (both for setup and recurring monthly usage) for payment gateways.
Programming / Re: PCI Question
« Last post by ober on December 12, 2019, 10:06:47 PM »
I don't have a 3rd party system with him right now.  I've used Sage (2 diff versions), PayPal, Stripe, and ... something else I can't remember.  He uses Comerica Bank which claims to have merchant services so I probably just need to call them to see what they offer.  I really don't like this project at all honestly.  I mean it's not complicated as far as the concept but the risk is through the roof if not handled properly.
Programming / Re: PCI Question
« Last post by micah on December 12, 2019, 06:03:47 AM »
What third party system are you using?

I know with and Stripe (the only two I've worked with other than basic PayPal stuff...oh and a really shitty vendor named Payliance*) they allow you to (optionally) pre-auth a card and then store a token for that customer and charge at a future date.

For example:

So, like you're doing now, the actual PII and PCI-related data stays at the 3rd party and you just charge it later via API or their web-based dashboard (if the gateway provider has one).

*edit: I just remembered, Payliance was for ACH transactions and did NOT store data; in that case I encrypted the account number in the database.  I never had a security or compliance audit so maybe I didn't do it 100% correct, but it was a secure encryption method and the database was on a different server than the decryption key.
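
The store-a-token, charge-at-ship pattern described in the post above, as an added example that is not part of the original post or any poster's code. It assumes Stripe's SetupIntent and PaymentIntent endpoints, only builds the requests (nothing is sent), and uses constructed IDs; the merchant-side record is checked so that a card number can never be written next to the quote.

```python
import re
from urllib.parse import urlencode

API = "https://api.stripe.com/v1"

def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_pan(text: str) -> bool:
    """Flag 13-19 digit runs (spaces or dashes allowed) that pass Luhn."""
    for m in re.finditer(r"(?:\d[ -]?){13,19}", text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return True
    return False

def quote_record(quote_id, customer_id, payment_method_id, notes):
    """What the merchant stores when the quote is accepted: gateway IDs only."""
    record = {"quote": quote_id, "customer": customer_id,
              "payment_method": payment_method_id, "notes": notes}
    if any(contains_pan(str(v)) for v in record.values()):
        raise ValueError("card number in merchant record; refusing to store")
    return record

def setup_intent_request(customer_id):
    """Request that saves a card for later off-session use; no charge yet."""
    body = urlencode({"customer": customer_id, "usage": "off_session"})
    return f"{API}/setup_intents", body

def charge_on_ship_request(record, amount_cents, currency="usd"):
    """Request sent at ship time, using only the stored gateway IDs."""
    body = urlencode({"amount": amount_cents, "currency": currency,
                      "customer": record["customer"],
                      "payment_method": record["payment_method"],
                      "off_session": "true", "confirm": "true"})
    # One key per quote, so a retried request cannot charge the card twice.
    headers = {"Idempotency-Key": f"ship-{record['quote']}"}
    return f"{API}/payment_intents", body, headers
```
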
Programming / Re: PCI Question
« Last post by KnuckleBuckett on December 12, 2019, 05:34:37 AM »
Tell him 3rd party.
Programming / Re: PCI Question
« Last post by Mike on December 12, 2019, 12:34:01 AM »
I feel ya.  We looked at CC processing earlier in the year and quickly realized we don't want to do it ourselves and do want to use a third party.

I really feel like there is a 3rd party processor that can do this.  Entering the details at order time but not billing until shipping is super common.

From the bit I remember you basically want to separate out your web server from your processing server.  They should at least be separate VMs.  The processing server should be encrypted at rest.  The rest I don't quite remember.

Honestly, this is an area that I wouldn't touch.  Too much potential for things to go wrong and a ton of civil liabilities.
Programming / PCI Question
« Last post by ober on December 11, 2019, 09:48:50 PM »
So I have a client that has proprietary pricing.  He wants to have a secure page where people can respond to a quote that he sent out with modifications where they provide their CC info for future processing (sometimes they don't ship an order for 2 weeks because a lot of the work is custom and they don't charge until they ship).  The collection is all easy and fine.  Done that a bunch of times.  My issue is passing the CC info off to him.  I've only dealt with passing the CC off to a 3rd party where they process the payment and the CC info is gone.  I need to somehow securely get it to him and store it until he processes the payment.

That scares the shit out of me from a PCI compliance standpoint.  In an ideal world I would pass the CC off to a 3rd party to verify the card details and have THEM hold the information until payment is processed.  But I'm not even sure that is an option.  The last thing I want to do is just hold the information in a database somewhere and that gets hacked and he and I both go to jail.  I mean worst case I would only hold it until the payment is processed but still I don't like it.

Photography/Video/Movies & TV / Re: Jack Ryan S2
« Last post by micah on December 03, 2019, 11:13:17 PM »
Just finished all 8 episodes. Wow. 10/10.
Photography/Video/Movies & TV / Re: Jack Ryan S2
« Last post by micah on December 03, 2019, 01:33:58 AM »
On episode 3 now.  It's been a while since I binged a series, this one is worth it for sure.