[ic] Credit Card comes up with XXXX-XXXX-XXXX-2884

Jim Balcom interchange-users@icdevgroup.org
Sun Jun 23 19:06:01 2002 

On Sun, 23 Jun 2002, Cline Communications, Corp. wrote:

CCC>>I suppose I'm confused then.  I understand that is very un secure.
CCC>>
CCC>>So, how would I go about getting the credit card numbers?  If I log into the
CCC>>cart again, and then click on orders, will I be able to bring them up?
CCC>>
CCC>>We already have GPG keys for our email, but we don't have a secure
CCC>>certificate yet for the website, we will be getting that soon.  Will that
CCC>>enable it to email us the information or do we still have to visit the site
CCC>>to get the orders?

Any time that your store is going to send a full credit card number by
e-mail, that needs to be done by encryption (PGP, GPG, etc) and has nothing
to do with your SSL certificate. You simply make up your own stuff as you
need it. Once set, it's done.

If your store is going to send you, or anyone else, CC# (or similar personal
information) then you need to have an SSL. This has nothing to do with GPG,
PGP, etc.

BTW, for testing, you can set your SSL up and run it without a certificate.
It is just as secure and just as reliable as it would be if you spent
several hundred dollars to Verisign for a certificate. The only difference
is that Verisign/whoever issues a certificate that they are vouching for
your authenticty, and that this certificate expires x years from the
issuance. They do nothing to your system, only to give this stamp of
authority.

HOWEVER, your would-be-purchasers  may decide to not buy from you because
you don't have a current certificate. There is absolutely no difference in a
system with a certificate that expired last week and one that expires next
week - in terms of security.

So, go ahead and set your store up completely, including the SSL, and do all
of your testing on a real-time basis. When customers start coming in, you
will need to have a current certificate in order for many of them to buy.


-= Jim =-

                   .-.
                   /v\
                  // \\
                 /(   )\
                 ^^ - ^^
          > Phear the Penguin <
              L  I  N  U  X

----------------------------------------------------------------
Jim's Linux-Operated Underground Bomb Shelter

Tagline for Sunday, June 23, 2002 at 18:45 PM:
To err is human. To moo bovine

----------------------------------------------------------------
This Linux System has been up 58 hours

My web page: http://www.idk-enterprises.com
----------------------------------------------------------------