Our anonymous submitter, whom we’ll call Carmen, embarked on her IT career with an up-and-coming firm that developed and managed eCommerce websites for their clients. After her new boss Russell walked her around the small office and introduced her to a handful of coworkers, he led her back to his desk to discuss her first project. Carmen brought her laptop along and sat down across from Russell, poised to take notes.
Russell explained that their newest client, Sharon, taught CPR classes. She wanted her customers to be able to pay and sign up for classes online. She also wanted the ability to charge customers a fee in case they cancelled on her.
“You’re gonna build a static site to handle all this,” he said.
Carmen nodded along as she typed out notes in a text file.
“Now, Sharon doesn’t want to pay more than a few hundred dollars for the site,” Russell continued, “so we’re not gonna hook up an endpoint to use a service-provided API for payments.”
Carmen glanced up from her laptop, perplexed. “How are we gonna do it, then?”
“Via email,” Russell replied smoothly. “The customer will enter their CC info into basic form fields. When they click Submit, you’re gonna send all that to Sharon’s business address, and also CC it to yourself for backup and recovery purposes.”
Carmen’s jaw dropped. “Just … straight-up email raw credit card data?”
“Yep!” Russell replied. “Sharon knows to expect the emails.”
Her heart racing with panic, Carmen desperately cast about for some way for this to be less awful. “Couldn’t … couldn’t we at least encrypt the CC info before we send it to her?”
“She’s not paying us for that,” Russell dismissed. “This’ll be easier to implement, anyway! You can handle it, can’t you?”
“Yyyes—”
“Great! Go get started, let me know if you have any more questions.”
Carmen had plenty of questions and even more misgivings, but she’d clearly be wasting her time if she tried to bring them up. There was no higher boss to appeal to, no coworkers she knew well enough who could slip an alternate suggestion into Russell’s ear on her behalf. She had no choice but to swallow her good intentions and implement it exactly the way Russell wanted it. Carmen set up the copied emails to forward automatically to a special folder so that she’d never have to look at them. She cringed every time a new one came in, reflecting on how lucky Sharon and her customers were that the woman supporting her website had a conscience.
And then one day, a thought came to Carmen that really scared her: in how many places, in how many unbelievable ways, was her sensitive data being treated like this?
Eventually, Carmen moved on to bigger and better things. Her first project most likely rests in the hands of Russell’s newest hire. We can only hope it’s an honest hire.
[Advertisement]BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!
Source: Read MoreÂ