View topic - Is TUC Affected by Heartbleed?
Is TUC Affected by Heartbleed?
3 posts
• Page 1 of 1
Is TUC Affected by Heartbleed?
I had been asked about the following concern by league team members who were about to register for their memberships....
"is it safe to pay for our membership fee online... considering the heart bleed bug?"
I know we're never 100% "safe" transacting online, but are TUC's SSL servers patched to address the bug?
Thanks.
"is it safe to pay for our membership fee online... considering the heart bleed bug?"
I know we're never 100% "safe" transacting online, but are TUC's SSL servers patched to address the bug?
Thanks.
-
jimmer - Posts: 40
- Joined: Mon Apr 05, 2004 2:20 am
The TUC server doesn't actually process payments. When you click the "pay" button, you are sent to a third-party server, run by Chase Paymentech, one of the largest online payment providers in the world. When the payment is completed, Chase sends a notification to the TUC server, but this notification does not include your credit card number. I can go into detail about this if you want, or anyone that's so inclined can look at the Zuluru code on github.
In short, the server that needs to be secured against Heartbleed is Chase's not TUC's. I can't find anything specifically related to the Chase Paymentech server that we interface with, but I did find notices from the Chase personal banking site, as well as FrontStream Holdings, which appears to be related to Chase Paymentech, both of which state that they are not vulnerable. And I really can't imagine a company as big as Chase leaving a vulnerability like this open, if they were even subject to it in the first place.
In short, the server that needs to be secured against Heartbleed is Chase's not TUC's. I can't find anything specifically related to the Chase Paymentech server that we interface with, but I did find notices from the Chase personal banking site, as well as FrontStream Holdings, which appears to be related to Chase Paymentech, both of which state that they are not vulnerable. And I really can't imagine a company as big as Chase leaving a vulnerability like this open, if they were even subject to it in the first place.
Did you get that thing I sent you?
-
GregS - TUC Webmaster
- Posts: 1291
- Joined: Thu Apr 01, 2004 1:45 pm
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests