WingNews logo WingNews
top | item 37218485

(no title)

wukerplank | 2 years ago

I think there was no realtime CC processing back then. In my last job I found artefacts like fax forms where they would write down collected credit card data (from online subscriptions) to be sent to their processor. To have at least _some_ safety they would just check [1] if the CC number is sound.

[1] https://en.wikipedia.org/wiki/Luhn_algorithm

discuss

order

DaiPlusPlus|2 years ago

I remember Authorize.net was one of the first credit-card processor for eCommerce (Archive.org goes back to 1998: https://web.archive.org/web/19981206052326/http://authorizen... ), they were the Stripe.net of the dot-com boom - at-least insofar as FastCGI or ColdFusion could take you back then - this was before "XML" was a buzzword: systems were exchanging SGML (if you were lucky!) or EDI[1] (if you weren't so lucky)

Obviously big-players, established businesses, et cetera would have had a more direct relationship with the banks and/or card-processors, but smaller site operators ("webmasters", heh) I assume must have had to run nightly batch-jobs that sent flat-files of card-numbers to card-processors using a modem that called the processors directly - rather than over the Internet (I understand this was also how many brick-and-mortar retailers sent in CC details transcribed from those manual card-impression machines[2], though I assume most let their bank do it along with their cash-deposits?)

-----

Unrelated-but-related: Authorize.net definitely sat on their laurels: their platform, web-service, and even their marketing landing-page was basically frozen-in-time from the mid-2000s right through to around 2017, I know because that's when I was working on a side-gig to migrate a system from Authorize.net to Stripe - that was such a breath of fresh-air. Sometimes I go back through time in the repo's commit history to remind myself how bad things were back then so I appreciate that things sometimes do actually get better.

[1]: https://en.wikipedia.org/wiki/Electronic_data_interchange [2]: https://en.wikipedia.org/wiki/Credit_card_imprinter

donatj|2 years ago

I worked for a company until 2011 that developed and licensed a shopping cart where Authorize.net was our most preferred processor. We could do others but Authorize.net had the best integration. Even in 2011 Authotize.net’s site and API just felt super old.

papageek|2 years ago

I worked for another company creditnet.com that started a bit before authorize.net basically wrapped ICVerify dialup verification using PGP to encrypt merchant to processor request/response.

_joel|2 years ago

I recall CC's being emailed via a form on the website and then input using the PDQ machine at the other end (what PCI?). For extra security they started sending it in two emails! I'd imagine some forgotten far flung corners of the internet still do janky stuff like that (or what was available/reasonable at the time at least)

icedchai|2 years ago

I worked on a web site about 20 years ago where the form sent a PGP encrypted email. The credit card was then processed by hand. I'm guessing this isn't PCI compliant. ;)

In the 90's, we had something similar at another company. Except there, the email wasn't even encrypted. (Don't worry, the site used SSL.)

wukerplank|2 years ago

My former employer was a lot more YOLO than that. When I joined (in the mid 2000s) there was no https on the website, passwords stored in plain text, no backup strategy, etc. But they printed money with their system.

papageek|2 years ago

Seattle? Serenet? Do I know you? :)