I hope this isn't considered off-topic. :-)
Does anyone else on the list deal with, or have customers who use, ccbill?
Two of my customers have had negative experiences with them recently, one
related to their customer-side CGI script(s). CCBill has not been
cooperative in providing me with any kind of documentation on their data
schema, but realistically both customers need to move away from CCBill's
script to something more robust.
Customer A has serious problems with people subscribing with "guessable"
passwords, or passwords that are published to password-trading websites
frequently. They actually get visitors to their site that have found them
by typing "ccbill passwords" into search engines, and so forth. They then
have the same 3 or 4 passwords being used from -hundreds- of differing
domainnames, by most likely hundreds or thousands of different persons. We
have started deleting the abused accounts but the real solution is to stop
allowing customers to choose their own (initial?) passwords.
Customer B has a larger problem. She now believes CCBill has caused her
account username and password (which she had to share with CCBill to have
them setup their service) to become compromised. It is possible her
suspicion is correct. Has anyone else had customer accounts which turned
over passwords to CCBill become compromised recently? I would think more
than one password would be stolen from them, and thus this would not remain
an isolated incident.
Either way, CCBill has begun to genuinely scare me. These folks deal with,
on a daily basis, thousands of peoples' credit card numbers and other
individualized non-public information, and from my dealings with them over
the past week and a half, they are grossly underqualified to do so. Does
anyone else use CCBill, and if so have you had differing experiences? How
about with other companies that provide similar products?
Jeff S Wheeler firstname.lastname@example.org
Software Development Five Elements, Inc.
http://www.five-elements.com/~jsw/ 502-339-3527 Office