Welcome to MobyThreads.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in
All support for the MobyThreads Threaded phpBB MOD can now be found on welsolutions at this forum

Credit Card Details

  
   Web Hosting and Web Master Forums (Home) -> ECommerce RSS
Next:  Website Comments + Advice  
Author Message
ktc1

External


Since: Apr 10, 2004
Posts: 2



(Msg. 1) Posted: Sat Apr 10, 2004 4:54 pm
Post subject: Credit Card Details
Archived from groups: biz>ecommerce (more info?)
Hi,

I have a form set up on my website that allows customers to input
their credit card details, which are transferred to the webserver that
hosts my website in a secure manner (Verisign).

How do i then retrieve these details in a secure manner (ie a means
other than email)???

I am using FrontPage to create my pages, and do not have a strong
programming background...

Thanks!

 >> Stay informed about: Credit Card Details 
Back to top
Login to vote
cgunn

External


Since: Jul 05, 2003
Posts: 258



(Msg. 2) Posted: Sat Apr 10, 2004 6:16 pm
Post subject: Re: Credit Card Details [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Sat, 10 Apr 2004 13:54:46 -0500, ktc1.RemoveThis@tpg.com.au (Andrew) wrote:

 >I have a form set up on my website that allows customers to input
 >their credit card details, which are transferred to the webserver that
 >hosts my website in a secure manner (Verisign).

Howdy Andrew,

First off: To all of those using home grown and uncertified shopping carts,
you are putting yourself in a position to be fined thousands of dollars for
each credit card number you compromise. On top of that, there are some
shopping carts that got certified that shouldn't have.

 >How do i then retrieve these details in a secure manner (ie a means
 >other than email)???

The only partially safe way is via web mail secured with an SSL (Security
Certificate). If the card numbers are stored on the server in a folder
accessible to the web, you are already in big trouble. Rogue web crawlers
can collect your data files any time they want to. Then all they need to do
is install a copy of the same shopping cart and they've Got You!

Next, drop down to the DOS prompt and type "ping yourdomain.com". If you
don't see four lines of "Request Timed Out" you are on a server that does
not have a firewall or it is poorly configured. Get your card numbers off
that server if they don't correct things.

 >I am using FrontPage to create my pages, and do not have a strong
 >programming background...

FrontPage and similar should NEVER be used for ecommerce sites. Please hire
a skilled and knowledgeable web designer who has a bunch of experience and
references you can check. Even then, ask them to show you where their
shopping cart solution is listed as "certified".

You'll find a link to get to one of the better ones at the foot of the
<a style='text-decoration: underline;' href="http://bizycart.com" target="_blank">http://bizycart.com</a> page. Yes, it's my program and I've learned a bunch of
things the hard way {grin}.

Thanks, Chris <a style='text-decoration: underline;' href="http://www.bizynet.com" target="_blank">http://www.bizynet.com</a>
BIZynet Coordinator cgunn.RemoveThis@bizynet.com
Moderator of biz.general, biz.marketplace.discussion, biz.healthcare,
biz.marketplace.web-design, biz.marketplace.international & others<!-- ~MESSAGE_AFTER~ -->

 >> Stay informed about: Credit Card Details 
Back to top
Login to vote
ktc1

External


Since: Apr 10, 2004
Posts: 2



(Msg. 3) Posted: Sun Apr 11, 2004 4:41 pm
Post subject: Re: Credit Card Details [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Chris Gunn <cgunn.RemoveThis@bizynet.com> wrote in message
news:<htjg7015bibmnm151clnm9kt2iq8du3qvi.RemoveThis@4ax.com>...
 > On Sat, 10 Apr 2004 13:54:46 -0500, ktc1.RemoveThis@tpg.com.au (Andrew) wrote:
 >
  > >I have a form set up on my website that allows customers to input
  > >their credit card details, which are transferred to the webserver that
  > >hosts my website in a secure manner (Verisign).
 >
 > Howdy Andrew,
 >
 > First off: To all of those using home grown and uncertified shopping carts,
 > you are putting yourself in a position to be fined thousands of dollars for
 > each credit card number you compromise. On top of that, there are some
 > shopping carts that got certified that shouldn't have.
 >
  > >How do i then retrieve these details in a secure manner (ie a means
  > >other than email)???
 >
 > The only partially safe way is via web mail secured with an SSL (Security
 > Certificate). If the card numbers are stored on the server in a folder
 > accessible to the web, you are already in big trouble. Rogue web crawlers
 > can collect your data files any time they want to. Then all they need to do
 > is install a copy of the same shopping cart and they've Got You!
 >
 > Next, drop down to the DOS prompt and type "ping yourdomain.com". If you
 > don't see four lines of "Request Timed Out" you are on a server that does
 > not have a firewall or it is poorly configured. Get your card numbers off
 > that server if they don't correct things.
 >
  > >I am using FrontPage to create my pages, and do not have a strong
  > >programming background...
 >
 > FrontPage and similar should NEVER be used for ecommerce sites. Please hire
 > a skilled and knowledgeable web designer who has a bunch of experience and
 > references you can check. Even then, ask them to show you where their
 > shopping cart solution is listed as "certified".
 >
 > You'll find a link to get to one of the better ones at the foot of the
 > <a style='text-decoration: underline;' href="http://bizycart.com" target="_blank">http://bizycart.com</a> page. Yes, it's my program and I've learned a bunch of
 > things the hard way {grin}.
 >
<font color=purple> > Thanks, Chris <a style='text-decoration: underline;' href="http://www.bizynet.com</font" target="_blank">http://www.bizynet.com</font</a>>
 > BIZynet Coordinator cgunn.RemoveThis@bizynet.com
 > Moderator of biz.general, biz.marketplace.discussion, biz.healthcare,
 > biz.marketplace.web-design, biz.marketplace.international & others


Chris,

Thanks for all your advice.

The web server that I am using offers Agora Shopping Cart - is this a
good option??

Also - what makes FrontPage incompatible with e-commerce sites?? Is it
a security issue or a useability issue??

Regards,
Andrew<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Credit Card Details 
Back to top
Login to vote
cgunn

External


Since: Jul 05, 2003
Posts: 258



(Msg. 4) Posted: Sun Apr 11, 2004 5:48 pm
Post subject: Re: Credit Card Details [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Sun, 11 Apr 2004 13:41:28 -0500, ktc1.TakeThisOut@tpg.com.au (Andrew) wrote:

 >Thanks for all your advice.
 >
 >The web server that I am using offers Agora Shopping Cart - is this a
 >good option??

Howdy Andrew,

Agora is not one of those that has gone through Authorize Net's
certification process. It may be fine if it has all of the protections
built into it to minimize the possibility of compromising credit card
numbers.

You should never be able to view a credit card number, either while typing
it or retrieving it, without an https (secure) connection.

 >Also - what makes FrontPage incompatible with e-commerce sites?? Is it
 >a security issue or a useability issue??

Both! FrontPage generates horribly mangled HTML code that is not compatible
with all browsers. It also creates a number of security holes.

If you use FrontPage to publish your web pages (instead of standard FTP) and
FrontPage can retrieve the data base (with card numbers) from your site,
it's got you standing on a three legged chair.

If your shopping cart stores it's data bases where you can see the folder in
the same area as your web pages, you are not safe. Properly implemented SQL
data bases are stored on the server where they are not accessible via the
web.

There are bunch of other details such as how to properly encrypt credit card
numbers along with good passwording.

I haven't checked lately to see if PayPal fixed their security hole when
logging into your account. Last time I checked, it was real easy to run a
password hacker on it because there was no limit on how many tries were
allowed.

Chris<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Credit Card Details 
Back to top
Login to vote
Display posts from previous:   
   Web Hosting and Web Master Forums (Home) -> ECommerce All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]