Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

accepting credit card info with SSL and PGP

Posted on 2001-07-09
2
Medium Priority
?
232 Views
Last Modified: 2008-03-06
Hi,

I'm trying to find a way to get someone's credit card information from an SSL server (I'll manually process the card).

Would it be safe to, when the user submits info, have my .asp page send me a PGP encrypted email with the credit card info?

On Poor Richard's web site, he talks about saving a text file to the server, but I don't understand how that's possible, because can't any file be downloaded from your server unless it's in a private folder?  And I couldn't save a text file into a private folder because someone could just download the file that saved it in the first place to get the password.

Any help would be greatly appreciated.  I'm currently using a real-time credit card processing service, but I really would rather do it manually.  I heard that ICVerify was good software for this.

Thanks,

Travis
0
Comment
Question by:starbuck111
2 Comments
 
LVL 2

Expert Comment

by:Fenatu
ID: 6264342
You could use an encrypted, password protected Access database on the server to store your orders in. Then you could pull up an ASP page that gets the information from that database and displays it to you, and all of this would be going over SSL.

And, if I remember correctly, ICVerify is an automatic validation system.
0
 
LVL 5

Accepted Solution

by:
russellshome earned 200 total points
ID: 6264640
If an ASP page on the server can be used to get the information then the hosting provider need simply to look at the code to obtain the data - your data will not be protected from the hosting provider in any case. (Choose one you can trust).

Implemented correctly, code in an ASP file is not downloadable. Only the HTML that is output by the code is gained via a browser. (Choose a hosting provider that knows how to manage servers)

The ASP code that is used to action the purchase will save the credit card number in a file (whether this is an Access DB or plain text file is up to what you can afford, what is easier...). The name of a file will be determined in the code so it is just as secure as having the connection string to a database in the code.

The ASP code that fetches the credit card numbers entered earlier must be written such that the data is provided only if a correct login/password is provided.

All the above-mentioned code must be in a directory secured using a SSL certificate. (Choose a hosting provider that knows how to protect servers)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every business owner understands the significance of online customer reviews and the impact it can have on sales and revenues. With technology advancing at such a rapid pace, getting online reviews has never been easier, especially when many regions…
While opting for any web-to-print solution, you need to discuss with your team and some of your end users and know their opinions about your decisions. In this article we list down some questions you need to ask yourself.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question