slindo - 2:33 am on Dec 7, 2002 (gmt 0)

osCommerce has a kutzy way of handling orders, in my opinion, where most of the CC# is sent to you and you go to your secure server to download the missing part, then reconsitute them. To much damn fiddle work for my taste (though as I undestand it osC is infinately customizable, for those with the skill and patience).

I always wonder about Mal's and similar ops though. All these folks who are so paranoid about sending CC#s by email will cheerfully store them on a free shopping cart host. My CC company's security people told me most CC#s are stolen by employees of the company that is making the charge rather than being intercepted.

There was a defunct cart that had an solution for crude lowtech security for off line orders, it would email the CC#s to you with several extra digits added so packet sniffers looking for 16/4 digit combos would be fooled, and even if someone did intercept them it would be hard (though far from impossible) for them to figure which were the extraneous numbers. You then set up the database or whatever you were using to process the orders to remove the extra digits.