Solved

accepting credit card info with SSL and PGP

Posted on 2001-07-09
2
227 Views
Last Modified: 2008-03-06
Hi,

I'm trying to find a way to get someone's credit card information from an SSL server (I'll manually process the card).

Would it be safe to, when the user submits info, have my .asp page send me a PGP encrypted email with the credit card info?

On Poor Richard's web site, he talks about saving a text file to the server, but I don't understand how that's possible, because can't any file be downloaded from your server unless it's in a private folder?  And I couldn't save a text file into a private folder because someone could just download the file that saved it in the first place to get the password.

Any help would be greatly appreciated.  I'm currently using a real-time credit card processing service, but I really would rather do it manually.  I heard that ICVerify was good software for this.

Thanks,

Travis
0
Comment
Question by:starbuck111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Expert Comment

by:Fenatu
ID: 6264342
You could use an encrypted, password protected Access database on the server to store your orders in. Then you could pull up an ASP page that gets the information from that database and displays it to you, and all of this would be going over SSL.

And, if I remember correctly, ICVerify is an automatic validation system.
0
 
LVL 5

Accepted Solution

by:
russellshome earned 50 total points
ID: 6264640
If an ASP page on the server can be used to get the information then the hosting provider need simply to look at the code to obtain the data - your data will not be protected from the hosting provider in any case. (Choose one you can trust).

Implemented correctly, code in an ASP file is not downloadable. Only the HTML that is output by the code is gained via a browser. (Choose a hosting provider that knows how to manage servers)

The ASP code that is used to action the purchase will save the credit card number in a file (whether this is an Access DB or plain text file is up to what you can afford, what is easier...). The name of a file will be determined in the code so it is just as secure as having the connection string to a database in the code.

The ASP code that fetches the credit card numbers entered earlier must be written such that the data is provided only if a correct login/password is provided.

All the above-mentioned code must be in a directory secured using a SSL certificate. (Choose a hosting provider that knows how to protect servers)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Every business owner understands the significance of online customer reviews and the impact it can have on sales and revenues. With technology advancing at such a rapid pace, getting online reviews has never been easier, especially when many regions…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question