

Security? SSL form page then send by email


XtendScott

1:14 am on Jan 9, 2004 (gmt 0)

10+ Year Member



I recently updated a website that had a shared SSL location that would then email the order info and CC# to them to process offline.

What are the security concerns? And is this a poor man's (low volume) solution for taking orders?

Chico_Loco

2:17 am on Jan 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



From what I know, your merchant will have restrictions on how you are allowed to transmit CC data.

I believe that it is your obligation to make sure that data is encrypted so that it can ONLY be read by the intended recipients (you). Remember, emails are sent in plain text format and could be easily sniffed by a 3rd party.

I think emailing yourself the order details is fine BUT encryption is definitely required.

XtendScott

5:24 am on Jan 9, 2004 (gmt 0)

10+ Year Member



Would you have any suggestions to encrypt? PGP? Is it possible to encrypt on server side?

Thanks.

Chico_Loco

5:35 am on Jan 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm really not sure if the server can use PGP to encrypt emails, but I would be very surprised if there was not some way to do this. In fact I think I have heard of it being done!

At the very least you could write your own script to just encrypt the credit card details, substituting each number 0-9 with a string of some kind, then you could decrypt it on your end. Simple, but it would work effectively.

SeanW

2:41 pm on Jan 9, 2004 (gmt 0)

10+ Year Member



At the very least you could write your own script to just encrypt the credit card details, substituting each number 0-9 with a string of some kind, then you could decrypt it on your end. Simple, but it would work effectively.

Gaak! The first several digits in a credit card number are fairly common (or easily guessed), and the Luhn checksum inherent in the number means that with only a handful of stolen numbers, you'd easily break that system.

PGP/GPG would be a good way to do it. Since it uses public key cryptography there are no private keys on the web server, and only the intended recipient(s) can read it.

Sean
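
The following is an added worked example, not code from this thread. It implements the digit-for-token substitution proposed two posts up and then breaks it the way this reply describes: the attacker guesses the leading digits of each sniffed number (4 for Visa, 5 for Mastercard, 37 for Amex, 6011 for Discover) and lets the Luhn check digit sort out the rest. The secret substitution table and the "stolen" ciphertexts are constructed for the demo; the card numbers are the standard public test numbers (4111..., 5555..., 3782..., 6011..., 4012...), not real cards.

```python
"""Why a digit-for-token substitution on card numbers fails.

Added example: the 'cipher' is the scheme proposed in the thread, and the
break uses the two facts from the reply, guessable leading digits plus the
Luhn check digit.  Key and ciphertexts below are constructed for the demo.
"""
import itertools

# Merchant's secret substitution table, digit -> token (constructed).
SECRET_KEY = {"0": "qz", "1": "mk", "2": "pa", "3": "lo", "4": "xt",
              "5": "wd", "6": "rv", "7": "ny", "8": "gb", "9": "js"}
TOKEN_LEN = 2


def encrypt(pan: str) -> str:
    """The 'encryption' from the thread: replace each digit by its token."""
    return "".join(SECRET_KEY[d] for d in pan)


def luhn_ok(pan: str) -> bool:
    """Standard Luhn (mod 10) check used by every major card brand."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def split_tokens(ct: str) -> list:
    return [ct[i:i + TOKEN_LEN] for i in range(0, len(ct), TOKEN_LEN)]


def decrypt(ct: str, key: dict) -> str:
    """Apply a (recovered) token -> digit map."""
    return "".join(key[t] for t in split_tokens(ct))


def recover_key(samples) -> list:
    """Attacker side.  `samples` is a list of (ciphertext, guessed_prefix):
    the sniffed e-mail body plus the leading digits the attacker assumes
    (4 = Visa, 5 = Mastercard, 37 = Amex, 6011 = Discover).  Returns every
    token -> digit map consistent with the prefixes and with Luhn."""
    partial = {}
    for ct, prefix in samples:
        for tok, digit in zip(split_tokens(ct), prefix):
            if partial.get(tok, digit) != digit:
                return []                      # prefix guesses contradict
            partial[tok] = digit
    if len(set(partial.values())) != len(partial):
        return []                              # two tokens can't share a digit
    seen = sorted({t for ct, _ in samples for t in split_tokens(ct)})
    unknown = [t for t in seen if t not in partial]
    free_digits = [d for d in "0123456789" if d not in partial.values()]
    candidates = []
    for perm in itertools.permutations(free_digits, len(unknown)):
        key = dict(partial, **dict(zip(unknown, perm)))
        if all(luhn_ok(decrypt(ct, key)) for ct, _ in samples):
            candidates.append(key)
    return candidates


# A handful of 'stolen' e-mails (constructed) with the attacker's prefix guesses.
STOLEN = [
    (encrypt("4111111111111111"), "4"),
    (encrypt("5555555555554444"), "5"),
    (encrypt("378282246310005"), "37"),
    (encrypt("6011111111111117"), "6011"),
    (encrypt("4012888888881881"), "4"),
]


if __name__ == "__main__":
    four = recover_key(STOLEN[:4])
    print(f"with 4 numbers: {len(four)} candidate key(s)")   # 2: digits 2 and 8 still ambiguous
    five = recover_key(STOLEN)
    print(f"with 5 numbers: {len(five)} candidate key(s)")   # 1
    for ct, _ in STOLEN:
        print(decrypt(ct, five[0]))
```

With four numbers the prefix guesses already pin down seven of the ten tokens and Luhn leaves only two candidate keys (the digits 2 and 8 swapped); a fifth number resolves it. The search never has to try 10! permutations because every correctly guessed prefix removes a token from the unknown set.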

gazza

2:56 pm on Jan 9, 2004 (gmt 0)

10+ Year Member



You can't mail card numbers unencrypted over the web (or at least you shouldn't).

Get a PGP formmail script - there is a PHP version and a Perl version out there - throw that in and use it to send out the data by email.
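
The following is an added example of the server-side flow the last two replies describe, not the PHP or Perl "pgp formmail" scripts themselves. It shells out to GnuPG (assumes a `gpg` binary, GnuPG 2.1 or later, on PATH); the key pair, the `orders@example.com` user id and the order text are constructed for the demo. The property Sean points to is visible in the code: the web server imports only the merchant's public key, so neither a compromised server nor a sniffed mail can reveal the card number, and decryption happens on the machine that holds the private key.

```python
"""Server-side PGP encryption of an order before it is e-mailed.

Added example (not the thread's formmail scripts).  Assumes GnuPG 2.1+ on
PATH; key pair, user id and order text are constructed for the demo.
"""
import os
import shutil
import subprocess
import tempfile
from email.message import EmailMessage

MERCHANT_UID = "orders@example.com"        # constructed user id for the demo


def gpg_available() -> bool:
    return shutil.which("gpg") is not None


def run_gpg(homedir: str, args: list, data: bytes = b"") -> bytes:
    """Run gpg against a specific keyring directory; raise on failure."""
    cmd = ["gpg", "--homedir", homedir, "--batch", "--yes",
           "--pinentry-mode", "loopback"] + args
    out = subprocess.run(cmd, input=data, capture_output=True, check=True)
    return out.stdout


def kill_agent(homedir: str) -> None:
    """Stop the per-homedir agent so a temporary keyring can be deleted."""
    subprocess.run(["gpgconf", "--homedir", homedir, "--kill", "gpg-agent"],
                   capture_output=True)


def make_merchant_keypair(offline_home: str) -> str:
    """Merchant side, done once and OFFLINE: generate a key pair with no
    passphrase (demo only) and export the public half for the server."""
    os.chmod(offline_home, 0o700)
    run_gpg(offline_home, ["--passphrase", "", "--quick-generate-key",
                           MERCHANT_UID, "default", "default", "never"])
    return run_gpg(offline_home, ["--armor", "--export", MERCHANT_UID]).decode()


def encrypt_order(order_text: str, public_key_armored: str) -> str:
    """Web server side: import ONLY the public key into a throwaway keyring
    and encrypt to it.  --trust-model always skips the web-of-trust question
    for a key we installed ourselves.  Returns ASCII-armored ciphertext."""
    with tempfile.TemporaryDirectory() as server_home:
        os.chmod(server_home, 0o700)
        run_gpg(server_home, ["--import"], public_key_armored.encode())
        armored = run_gpg(server_home, ["--armor", "--trust-model", "always",
                                        "--recipient", MERCHANT_UID, "--encrypt"],
                          order_text.encode())
        kill_agent(server_home)
    return armored.decode()


def build_order_mail(armored: str, to_addr: str = MERCHANT_UID) -> str:
    """What the form handler would hand to sendmail: a plain mail whose only
    payload is the PGP message, nothing about the card in the clear."""
    msg = EmailMessage()
    msg["From"] = "webform@example.com"
    msg["To"] = to_addr
    msg["Subject"] = "New order (PGP encrypted)"
    msg.set_content(armored)
    return msg.as_string()


def decrypt_order(armored: str, offline_home: str) -> str:
    """Merchant side, on the offline machine that holds the private key."""
    return run_gpg(offline_home, ["--decrypt"], armored.encode()).decode()


if __name__ == "__main__":
    if not gpg_available():
        raise SystemExit("gpg not found; install GnuPG to run the demo")
    with tempfile.TemporaryDirectory() as offline_home:
        pub = make_merchant_keypair(offline_home)
        order = "Order 1042\nName: J. Example\nCard: 4111111111111111 exp 01/06\n"
        ct = encrypt_order(order, pub)
        print(build_order_mail(ct))
        assert decrypt_order(ct, offline_home) == order
        kill_agent(offline_home)
```

In a real deployment the key generation step runs once on the merchant's own machine, with a passphrase, and only the exported public key block is copied into the form handler's keyring; the server has nothing that can turn the mail back into a card number.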