login (main site)

Sim · Post by **Sim** » Sun Jun 10, 2012 12:06 pm

I use to be able to use saved password editor to manually have it save login info on nfo main site but that no longer works.

NFO is the only damn site that thinks it must disable it if they accept credit card payments (which is 100% WRONG). All other sites on the web allow users/customers to save login info on their own computers, so they don't have to manually enter it every time they login.

Newegg
Tigerdirect
Amazon

.=QUACK=.Major.Pain · Sun Jun 10, 2012 12:36 pm

Had issue 2 days ago in the evening, where I came on the site and had to re-enter all my login info. Normally it auto logs in. Something must have changed on the site.

Had to do the same everytime I visited all day yesterday too.

Finally today it's doing the auto login.

Sim · Post by **Sim** » Sun Jun 10, 2012 12:44 pm

The last time i posted about his John said he had to disable to be PCI compliant which is weird when every other website that accepts credit cards still allows it.

I have looked at PCI rules and nothing in it says websites must not allow customers to save login info. It has something about employee's shouldn't save login info if they have access to database with customers personal info.

TimeX · Post by **TimeX** » Sun Jun 10, 2012 2:46 pm

You may want to post a reply in that older thread then, if this is just a continuation of that topic. As for logging in automatically on our site, that is done via cookies, and still works. You can use that method instead of storing passwords locally, which isn't much different from a security standpoint.

Sim · Post by **Sim** » Sun Jun 10, 2012 5:05 pm

I did have a work around but now its only working on part of nfo site. Seems like every time i start fresh (format) something else ends up being blocked on this site lol.

I hope the next time NFO has it's site scanned to show "PCI Compliance" you makes sure to address this with the place doing the scan. No reason to keep it disabled when you don't have.

Nothing in PCI Security Council standards says websites must block customers from being able to use save login info, if it did sites like Amazon and Newegg would be forced to disable it too.

Post by **Edge100x** » Sun Jun 10, 2012 9:15 pm

We do not have a choice in this matter. I have already escalated it with the scanner and with our processor and have been told in no uncertain terms that it is a hard requirement, with no exceptions granted. Why some other sites appear to not be held to this same standard, I do not know.

We do not need multiple threads on this topic. One is sufficient. In the other thread, workarounds were discussed.

(I personally regularly access other sites that have the same requirement, including multiple banks and the UPS website.)

Sim · Post by **Sim** » Mon Jun 11, 2012 2:48 am

Sounds like the place you used is making up its own rules, probably dealing with a person from India lol. If they can't show you where it states you can't allow users/customer to save login info then i would find a new place next time you have to do a scan.

Post by **Edge100x** » Mon Jun 11, 2012 10:11 am

Switching both the scanner and payment processor, and modifying all of our systems to use the new processor, would be non-trivial. We'll stick with what we have now.

As I mentioned, we're not the only site that does this. The banks I use also do it, as does UPS. It is a security precaution that makes some sense.

If you just set it up to stay logged in, you can avoid having to log back in entirely.

Server rentals :: NFOservers.com

login (main site)

login (main site)

Re: login (main site)

Re: login (main site)

Re: login (main site)

Re: login (main site)

Re: login (main site)

Re: login (main site)

Re: login (main site)