E-commerce: Password enforcements - TechRepublic
General discussion
May 28, 2002 at 06:22 AM
chuck.beach


What would you do?

Suppose you have a hosted E-Commerce procurement solution for companies with approval hierarchies, authorization, etc. This system generates orders that are purchased and sent to the buying user.

One of your clients asks you to reset all passwords for all users for their company to the same word to make it easier. So anyone can log in as anyone else to place orders and do approvals.

CIO says: Whoa! Very poor password practices. At minimum, their management needs to be advised.

The COO and Director of Marketing say: Hey, whatever the customer wants. They made the request, they’re taking the risk. We’ll honor all orders regardless.

Questions:

– Does the E-Commerce hosting site have any exposure? If fraud was committed, does the E-Commerce host site have any liability?

– In general, does the E-Commerce hosting site have any responsibility for protecting clients from making requests potentially injurious to themselves? Or should they just do whatever the client wants if it only affects the client?
