accepting credit card info with SSL and PGP

Hi,

I'm trying to find a way to get someone's credit card information from an SSL server (I'll manually process the card).

Would it be safe to, when the user submits info, have my .asp page send me a PGP encrypted email with the credit card info?

On Poor Richard's web site, he talks about saving a text file to the server, but I don't understand how that's possible, because can't any file be downloaded from your server unless it's in a private folder?  And I couldn't save a text file into a private folder because someone could just download the file that saved it in the first place to get the password.

Any help would be greatly appreciated.  I'm currently using a real-time credit card processing service, but I really would rather do it manually.  I heard that ICVerify was good software for this.

Thanks,

Travis
starbuck111Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
russellshomeConnect With a Mentor Commented:
If an ASP page on the server can be used to get the information then the hosting provider need simply to look at the code to obtain the data - your data will not be protected from the hosting provider in any case. (Choose one you can trust).

Implemented correctly, code in an ASP file is not downloadable. Only the HTML that is output by the code is gained via a browser. (Choose a hosting provider that knows how to manage servers)

The ASP code that is used to action the purchase will save the credit card number in a file (whether this is an Access DB or plain text file is up to what you can afford, what is easier...). The name of a file will be determined in the code so it is just as secure as having the connection string to a database in the code.

The ASP code that fetches the credit card numbers entered earlier must be written such that the data is provided only if a correct login/password is provided.

All the above-mentioned code must be in a directory secured using a SSL certificate. (Choose a hosting provider that knows how to protect servers)
0
 
FenatuCommented:
You could use an encrypted, password protected Access database on the server to store your orders in. Then you could pull up an ASP page that gets the information from that database and displays it to you, and all of this would be going over SSL.

And, if I remember correctly, ICVerify is an automatic validation system.
0
All Courses

From novice to tech pro — start learning today.