SSL / encryption of information

Posted on 2006-05-26
Last Modified: 2010-04-11
I am developing an e-commerce site for a client.  The client accepts credit cards but for accounting purposes does NOT want to process the credit card through a payment gateway.  Instead, when a website visitor makes a purchase, the credit card number should be entered into a form on the site and the purchase information emailed to the Orders Processing tech.


The site will be hosted with a major hosting company that provides e-commerce hosting (ColdFusion /  IIS platform).

Will having an SSL Certificate give me the ability to encrypt credit card information to the server and through the email to the Orders Processing tech?  I am using an add on shopping cart, Cartweaver, but again, no payment gateway, no merchant.  It is being processed over the phone.

Is it feasible or likely that the host would encrypt anything coming to the client?

Since I'm still hoping to talk them out of this method, I'm gathering what I can from reputable online sources about this type of transaction, such as an article from Better Business Bureau.  Can't find a lot.  Any links also appreciated.

Thank you!
Question by:texastwostep
    LVL 32

    Accepted Solution

    No, the SSL cert will only enable you to do HTTPS (which, of course, you DO want to do).  But I'd recommend that you encrypt the sensitive information in a script PRIOR to sending it in an email.

    Several encryption options are available but I'd recommend RSA.  Encrypt with the public key in the script, decrypt at the destination with the private key.
    LVL 3

    Expert Comment

    Ok, question number 1.  What company is this?  I just want to be sure not to give them my credit card number.

    And jhence is correct, however, you will need to have an application of some sort on the company's end to decrypt the emails they receive from the web server.
    LVL 3

    Expert Comment

    Oh and another piece of advice.  Whatever system will be receiving the emails with the credit card numbers, be damn sure to keep it very clean and free of malware.  There is malware out there that will redirect internet communications through other servers with the intention of exploiting all the communications.  They are rare but they do exist and if someone were to get their malware into the computer receiving those emails they would gain the ability to, through simple packet sniffing, grab all the emails and start to notice they are filled with credit card numbers to play with.
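
The public-key scheme from the accepted solution and the decrypting application mentioned in the first comment, sketched as an added example that is not part of the original thread. Because RSA can only encrypt a short payload, it uses RSA-OAEP to wrap a one-time AES-256-GCM key that encrypts the order text; the function names `seal_order` and `open_order`, the `AAD` label and the sample order are assumptions made for illustration.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
AAD  = 'order-email-v1' # hypothetical label: authenticated, not encrypted

# Web script side: holds only the public key (PEM), never the private key.
def seal_order(public_pem, order)
  pub = OpenSSL::PKey::RSA.new(public_pem)
  aes = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  key = aes.random_key # one-time key; RSA alone cannot hold a whole order
  iv  = aes.random_iv
  aes.auth_data = AAD
  ct  = aes.update(order) + aes.final
  [pub.public_encrypt(key, OAEP), iv, aes.auth_tag, ct]
    .map { |part| [part].pack('m0') }.join('.') # base64, safe for a mail body
end

# Order-processing side: the only machine that stores the private key.
# Raises OpenSSL::OpenSSLError if the ciphertext or tag was altered,
# or if the message was sealed for a different key.
def open_order(private_pem, sealed)
  wrapped, iv, tag, ct = sealed.split('.').map { |part| part.unpack1('m0') }
  aes = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  aes.key = OpenSSL::PKey::RSA.new(private_pem).private_decrypt(wrapped, OAEP)
  aes.iv = iv
  aes.auth_tag = tag
  aes.auth_data = AAD
  (aes.update(ct) + aes.final).force_encoding('UTF-8')
end

if __FILE__ == $PROGRAM_NAME
  pair = OpenSSL::PKey::RSA.new(2048) # generated once, away from the web host
  # Constructed sample order; the card number is a placeholder.
  body = seal_order(pair.public_key.to_pem, 'card=0000000000000000 exp=01/30')
  puts body
  puts open_order(pair.to_pem, body)
end
```

Only the public PEM needs to be deployed with the web script; the private PEM stays on the machine that reads the order emails.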
