Customer credit card information
Gift card information
Customer information
Stock/inventory information
6.1.3.1 Customer Credit Card Information
Panthera's e-commerce application accepts credit cards as one of the modes of payment for the
merchandise. A customer would use the credit card during the checkout process to make payment
for the goods selected. Panthera's e-commerce application would then transmit the details to the
payment gateway. The payment gateway would send back a request to Panthera's e-commerce
application with a success/failure indication of the transaction. If the transaction is successful,
then the order would be recorded and processing of the order would be initiated subsequently.
The e-commerce application would handle credit card information during storage and transmission.
Panthera's e-commerce application would initiate the transmission of cardholder information
including the CVC2 to the payment gateway. Panthera plans to store cardholder information like
the cardholder name, credit card number, and expiration date in its databases to facilitate smooth
operations like chargeback and credit card reconciliation. Panthera has also observed that their
customers usually make their purchases with different credit cards. Panthera plans to provide
functionality where the customer may store his/her credit cards with details like the credit card number,
popularly referred to as the PAN or primary account number, the expiration date, and the associated
payment brand of the said credit card and select which card is to be used from a drop-down menu.
The customer need only enter the CVV2/CVC2 to process the transaction. Moreover, as Panthera
is actively pursuing PCI compliance, it is imperative that Panthera is aware of the criticality of
credit card-related information, not only as a matter of financial and reputational consideration
but also as a matter of business ethics and need, as their competitiveness, profit margins, and
reputation are affected by their noncompliance to the said security compliance requirement.
6.1.3.2 Customer Information
Panthera's e-commerce application would facilitate registered users to purchase goods from
Panthera's online retail store. Customer information includes the customer's username, password,
address, telephone, email, and order details. Panthera's management has indicated that without
customer information, they would not be able to carry out their business activities. All the
elements that constitute customer information would be stored in Panthera's e-commerce
database and transmitted over the Internet and within Panthera's e-commerce administration team.
Panthera's management believes that it cannot fulfill orders if the details such as customer
information, contact, usernames, and passwords are destroyed. The e-commerce application would
be rendered incapable of facilitating customer transactions. This would result in serious financial
and reputational losses to Panthera. Apart from the above, the unauthorized disclosure (breach of
confidentiality) of customer passwords would render the customer order information and contact
information vulnerable to an attacker. As a matter of legal requirement, Panthera ensures that
their customer information is not subject to unauthorized disclosure, as it would result in the
invocation of the California State Data Privacy Act, SB-1386, which imposes certain reporting
requirements and harsh penalties for organizations who fail to comply with it.
Order information is an important element of customer information as well. Panthera relies
on order numbers to ensure that the product(s) ordered are correctly shipped to the customer. The