email credit card numbers encrypted

Forum Moderators: coopster

Message Too Old, No Replies

email credit card numbers encrypted

ryan_b83

4:13 pm on Dec 3, 2006 (gmt 0)

Hello, I am trying to write a script to email credit card numbers. I tried accessing SSH and creating GNUPG keys, but I couldn't figure it out. I have cPanel which has a get generator in it, but wasn't sure if that was the right method either. Anyhow does anyone have any suggestions on a good way to encrypt -> email -> decrypt credit card numbers securly?

Thanks,
Ryan

whoisgregg

7:24 pm on Dec 3, 2006 (gmt 0)

Email is never secure. I would be uncomfortable including credit card details in any email, encrypted or not. :/

There must be a better way to solve the problem than to email credit card details. If you can share a little more information about what you are trying to accomplish, I'm sure we can work out a better solution.

henry0

7:33 pm on Dec 3, 2006 (gmt 0)

If you plan to use a gateway
This procedure will never pass the security audit most gateways are requiring prior letting you using them (When not using a cart with pre-installed gateways)

ryan_b83

9:31 pm on Dec 3, 2006 (gmt 0)

Ohhh. ok I didn't realize it was that bad even after encryption. Well i could store it in a database, but even that is not very good. I am using a VPS though.

whoisgregg

10:04 pm on Dec 3, 2006 (gmt 0)

Storing it in a database is better than email, because you are (presumably) controlling access to the database. The nature of email is that it can pass through a lot of people's hands.

True, it would take a sophisticated attacker to break your encryption but the result, if it did happen, would be catastrophic for any size business. Why risk it?

jatar_k

12:59 am on Dec 4, 2006 (gmt 0)

if you are actually taking credit card numbers I am hoping you are doing that via https (SSL)

you can create an admin, web based, login over https that would be secure for the card numbers to be retrieved.

eelixduppy

2:02 am on Dec 4, 2006 (gmt 0)

Generally storing credit card numbers, no matter what method used, isn't a good idea. It's creates risk for you, and also may be something that your host doesn't allow in the first place.

I would look for an alternate solution.

Some related threads:
[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]

ryan_b83

4:44 am on Dec 4, 2006 (gmt 0)

Thanks for the scare everyone :S...lol

Anyhow mabye there is a company out there that can store credit cards for you for whatever uses you need them for? Or access them via scripts over SSL?

pixeltierra

7:15 am on Dec 4, 2006 (gmt 0)

From a discussion referenced above:

If it's an annual subscription, write the CC info to an offline location. Just because a CC # is stored electronically, it doesn't have to be in a web-accessible database, or on a machine permanently connected to the Net. That's where most of the online security scares come from, information that has no NEED to be online being compromised

How can you programatically save to a local machine w/o emailing or ftp (even encrypted)?

WHere/how do you store it temporarily on the server before you transfer to local machine?

barns101

5:19 pm on Dec 4, 2006 (gmt 0)

I would suggest using a payment gateway that will take the card details and process the payment for you. They take care of all the security issues.