
Forum Moderators: phranque


Security Questions

need to take credit cards with 128 bit encryption

     
3:56 pm on Jun 28, 2002 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2002
posts:72
votes: 0


I have a client that needs to be able to take credit cards with 128 bit encryption.

We're looking for the most simple solution here - they don't need to do any processing online because orders will be directed to 18 different franchise locations for processing.

I do, however, need to figure out how to send this sensitive info in a secure way. Is it possible to send it securely through email or is a database the only way?

3:36 pm on July 1, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 21, 1999
posts:2141
votes: 0


There's a discussion here [webmasterworld.com] that may provide some insight. Can anyone offer additional comments?
5:25 pm on July 1, 2002 (gmt 0)

Full Member

10+ Year Member

joined:June 13, 2002
posts:213
votes: 0


Hi,

I'm no expert on this stuff, but two things come to mind
you may want to consider. Maybe doing a secure
copy (i.e. scp in unix) file transfer or other type
of "secure FTP".

One can use PGP to encrypt the data, then send over
whatever unsecure channel you want, making sure
the person at the other side checks the hash to be
sure the data wasn't modified. Folks use PGP like
this to send encrypted messages via e-mail.

Basically, AFAIK there are two approaches. First,
you can have an encrypted "channel/pipe" you send
a message through that others can't read. Second,
you encrypt the data transmitted -- and don't care
if the "channel/pipe" is encrypted.

Whatever one chooses of course, both the sender and recipient
simply need a step by step procedure to encrypt/decrypt
the data in an automated fashion.

Hope something in the above is helpful.

Best wishes,

Louis

10:48 am on July 2, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 26, 2001
posts:1076
votes: 0


i'd say online processing would be the easiest and best solution. once the transaction has been processed online, a confirmation email with full order details can be automatically sent to the appropriate franchise. why make life difficult?
5:33 pm on July 2, 2002 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2002
posts:72
votes: 0


How would you guarantee the security of the confirmation email?
8:22 pm on July 2, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 26, 2001
posts:1076
votes: 0


would you NEED the confirmation emails to be secure? there wouldn't be any credit card details in them, just customer details and order details. (no need for you to handle transmission and storage of any card numbers or anything else). you'll know the orders have come through the payment system by the From address.
8:33 pm on July 2, 2002 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2002
posts:72
votes: 0


That makes sense.

I guess I will have to store the credit card info in a database until the franchise is able to retrieve it. The confirmation can stay the same.

11:04 pm on July 2, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 26, 2001
posts:1076
votes: 0


why not use a card processing company? no need for any secure storage, no need for each franchise to process everything manually, so much easier to set up and deal with. using a card processing company can give you full automation and it doesn't cost much. why make life difficult?
11:18 pm on July 2, 2002 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2002
posts:72
votes: 0


The problem with that is that each franchise has its own merchant account. If we wanted each to have their orders processed, we would have to set up 17 different accounts with a 3rd party provider.
7:20 am on July 3, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 26, 2001
posts:1076
votes: 0


but would you? why not have one online card processing account and just transfer funds once a week or once a month?

even if you were to set up 17 online processing accounts it'll still make life easier than having to store and transmit card numbers with 17 PGP keys.
