Secure Data Transfer

Is this an acceptable practice?

         

5stars

4:09 am on Oct 29, 2003 (gmt 0)

10+ Year Member



I recently hired a new designer to integrate Telecheck with my site. I have accepted CC for some time and I am not sure how my last designer passed the info to Verisign but the string did not show up in my log files.

This new designer is passing the values in such a way so that they post in my log files. I also have live chat and the values are posting in the Live Chat window. I questioned him about this and he says it is secure. Can I get some other opinions on the subject?

Here is an example of how it would post to my logs and live chat.

AMT=&CITY=Bethel&NAME=Michelle%20G.%20Doe&CHKNUM=147&PHONENUM=203-987-0548&EMAIL=mdoe@aol.com&STREET=28%20Old%20Hawley%20Road%20&STATE=CT&ZIP=06801&MICR=22117214567819000147&DL=CA123456200021164753

Thanks in advance

bcc1234

5:27 am on Oct 29, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If it's over HTTPS then it's secure. Still, you might want to change your methods from GET to POST.

txbakers

7:11 pm on Oct 31, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Why are you posting this information in a live chat window?

With that information I can get into that person's bank account without problems. You provided me with the MICR number and the person's driver's license.

5stars

7:22 pm on Oct 31, 2003 (gmt 0)

10+ Year Member



The information I posted here... I changed. I am not totally stupid. I was giving you an example of what my designer was passing through a URL... which shows up in my live chat co-browse window and also posts to my log files.

He says it is secure...

I say how can it be?

I have an SSL... I thought all data was encrypted... but how can it be if I can see this data live as the customer is entering it?

Your help and feedback is appreciated.

txbakers

7:36 pm on Oct 31, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I knew it was bogus data - the point is, however, if you can see the real data over a "live chat" it's not secure, even with SSL. (AFAIK)

SSL will encrypt the data while being transmitted.

Of course, I've been known to be wrong before, from time to time.
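
An added example, not part of any post in this thread: a short Python audit that finds the parameter names from the sample string above in web server access log lines and redacts their values. It illustrates why the values appear in the logs even over SSL: the query string of a GET request is written into the request line of each log entry, while a POST body is not. The log lines and the `/check.cgi` path are constructed for illustration, reusing the altered values from the thread.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names taken from the sample string in the thread.
SENSITIVE = {"MICR", "DL", "CHKNUM", "PHONENUM", "EMAIL", "NAME", "STREET"}

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample log lines (hypothetical path, thread's altered values).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Oct/2003:04:09:00 +0000] "GET /check.cgi?AMT=&CITY=Bethel'
    '&CHKNUM=147&MICR=22117214567819000147&DL=CA123456200021164753 HTTP/1.1" 200 512',
    '192.0.2.10 - - [29/Oct/2003:04:10:00 +0000] "POST /check.cgi HTTP/1.1" 200 512',
]

def scrub_line(line):
    """Return (redacted_line, sorted names of sensitive parameters found)."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    parts = urlsplit(m.group("target"))
    found, pairs = set(), []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.upper() in SENSITIVE and value:
            found.add(key.upper())
            value = "REDACTED"
        pairs.append((key, value))
    if not found:
        return line, []
    target = parts._replace(query=urlencode(pairs)).geturl()
    redacted = line[:m.start("target")] + target + line[m.end("target"):]
    return redacted, sorted(found)

def audit(lines):
    """Return (line_number, parameter_names) for every line that leaks data."""
    hits = []
    for number, line in enumerate(lines, start=1):
        _, found = scrub_line(line)
        if found:
            hits.append((number, found))
    return hits

if __name__ == "__main__":
    for number, names in audit(SAMPLE_LOG):
        print(f"line {number}: sensitive parameters in URL: {', '.join(names)}")
    print(scrub_line(SAMPLE_LOG[0])[0])
```
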