Solved

accepting credit card info with SSL and PGP

Posted on 2001-07-09
2
222 Views
Last Modified: 2008-03-06
Hi,

I'm trying to find a way to get someone's credit card information from an SSL server (I'll manually process the card).

Would it be safe to, when the user submits info, have my .asp page send me a PGP encrypted email with the credit card info?

On Poor Richard's web site, he talks about saving a text file to the server, but I don't understand how that's possible, because can't any file be downloaded from your server unless it's in a private folder?  And I couldn't save a text file into a private folder because someone could just download the file that saved it in the first place to get the password.

Any help would be greatly appreciated.  I'm currently using a real-time credit card processing service, but I really would rather do it manually.  I heard that ICVerify was good software for this.

Thanks,

Travis
0
Comment
Question by:starbuck111
2 Comments
 
LVL 2

Expert Comment

by:Fenatu
ID: 6264342
You could use an encrypted, password protected Access database on the server to store your orders in. Then you could pull up an ASP page that gets the information from that database and displays it to you, and all of this would be going over SSL.

And, if I remember correctly, ICVerify is an automatic validation system.
0
 
LVL 5

Accepted Solution

by:
russellshome earned 50 total points
ID: 6264640
If an ASP page on the server can be used to get the information then the hosting provider need simply to look at the code to obtain the data - your data will not be protected from the hosting provider in any case. (Choose one you can trust).

Implemented correctly, code in an ASP file is not downloadable. Only the HTML that is output by the code is gained via a browser. (Choose a hosting provider that knows how to manage servers)

The ASP code that is used to action the purchase will save the credit card number in a file (whether this is an Access DB or plain text file is up to what you can afford, what is easier...). The name of a file will be determined in the code so it is just as secure as having the connection string to a database in the code.

The ASP code that fetches the credit card numbers entered earlier must be written such that the data is provided only if a correct login/password is provided.

All the above-mentioned code must be in a directory secured using a SSL certificate. (Choose a hosting provider that knows how to protect servers)
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Often people are aiming at development of perfect Magento websites. Though, it is easier said than done. You know what’s much easier? To ruin everything. It can be done in seconds. Many of us experimented with design, tried to change some values dir…
Read about how to choose the best possible content marketing agency to suit your needs. Content marketing has become an integral part of running a successful tech business, so it is wise to be informed.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now