Web Wiz - Solar Powered Eco Web Hosting

  New Posts New Posts RSS Feed - Online store conundrum
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Online store conundrum

 Post Reply Post Reply Page  <12
Author
dpyers View Drop Down
Senior Member
Senior Member


Joined: 12 May 2003
Status: Offline
Points: 3938
Post Options Post Options   Thanks (0) Thanks(0)   Quote dpyers Quote  Post ReplyReply Direct Link To This Post Posted: 06 January 2004 at 4:19pm

I did an mortgage site that swiped the card off line as fees would be outrageous online.

For this kind of operation, I wouldn't store credit card numbers. It's (I think) not like people drop in once or twice a week to get a new drum?

You would have to use ssl to cover cc's in transit from them to you. For the email side of things, your host probably already has PGP or some other encryption mechanism in place. You'll need to generate sender and recipient keys, distibute the recipient key to the people who get copies, perhaps set up separate email accounts for them on their client email program, and encrypt the message using the sender/server key.

You may also want to look at encrypting as much of the header as you can. It can be difficult with some email servers and anti-spam measures. To be VERY secure, you can encrypt the email for storage on the mail server and have the client access via a VPN but that'll cost more $ and most shared hosts don't support VPN's.

Your exposure here is an inside job by one of the hosting company employees. Of course that applys to storing CC's on a db as well. If they have access to your mail/db server and access to your code, they can pinch the encryption keys and apply them.


Lead me not into temptation... I know the short cut, follow me.
Back to Top
ljamal View Drop Down
Mod Builder Group
Mod Builder Group


Joined: 16 April 2003
Status: Offline
Points: 888
Post Options Post Options   Thanks (0) Thanks(0)   Quote ljamal Quote  Post ReplyReply Direct Link To This Post Posted: 06 January 2004 at 5:07pm
Originally posted by dpyers dpyers wrote:

I did an mortgage site that swiped the card off line as fees would be outrageous online.


As long as it is a "card not present" transaction where the credit card owner is not present to sign the receipt the fees are likely to be the same. Most merchant account have multiple transaction fees including one for CNP orders such as Internet and phone orders and a different rate for fax order and yet another rate for swiped cards.
Back to Top
 Post Reply Post Reply Page  <12

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.07
Copyright ©2001-2024 Web Wiz Ltd.


Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Policy

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2024 Web Wiz Ltd. All rights reserved.