?
Solved

accepting credit card info with SSL and PGP

Posted on 2001-07-09
2
Medium Priority
?
233 Views
Last Modified: 2008-03-06
Hi,

I'm trying to find a way to get someone's credit card information from an SSL server (I'll manually process the card).

Would it be safe to, when the user submits info, have my .asp page send me a PGP encrypted email with the credit card info?

On Poor Richard's web site, he talks about saving a text file to the server, but I don't understand how that's possible, because can't any file be downloaded from your server unless it's in a private folder?  And I couldn't save a text file into a private folder because someone could just download the file that saved it in the first place to get the password.

Any help would be greatly appreciated.  I'm currently using a real-time credit card processing service, but I really would rather do it manually.  I heard that ICVerify was good software for this.

Thanks,

Travis
0
Comment
Question by:starbuck111
2 Comments
 
LVL 2

Expert Comment

by:Fenatu
ID: 6264342
You could use an encrypted, password protected Access database on the server to store your orders in. Then you could pull up an ASP page that gets the information from that database and displays it to you, and all of this would be going over SSL.

And, if I remember correctly, ICVerify is an automatic validation system.
0
 
LVL 5

Accepted Solution

by:
russellshome earned 200 total points
ID: 6264640
If an ASP page on the server can be used to get the information then the hosting provider need simply to look at the code to obtain the data - your data will not be protected from the hosting provider in any case. (Choose one you can trust).

Implemented correctly, code in an ASP file is not downloadable. Only the HTML that is output by the code is gained via a browser. (Choose a hosting provider that knows how to manage servers)

The ASP code that is used to action the purchase will save the credit card number in a file (whether this is an Access DB or plain text file is up to what you can afford, what is easier...). The name of a file will be determined in the code so it is just as secure as having the connection string to a database in the code.

The ASP code that fetches the credit card numbers entered earlier must be written such that the data is provided only if a correct login/password is provided.

All the above-mentioned code must be in a directory secured using a SSL certificate. (Choose a hosting provider that knows how to protect servers)
0

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

When you read payment gateway for E-commerce business, the first name that comes to your mind is PayPal. It is the most widely used payment gateway in the majority of the E-commerce platforms all over the world.
There is a wide range of advantages associated with the use of ASP.NET. This is why this programming framework is used to create excellent enterprise-class websites, technologies, and web applications.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

568 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question