[ic] Credit Card Question

Tom Harty interchange-users@icdevgroup.org
Wed Sep 11 12:11:00 2002


It's more of a accounting/order/inventory package than
a credit batch processor.  The app takes care of the
credit card billing when the items are ready to ship. 
Standard non-encrypted PTC file. If I were to get more
clients on the software asking for a gateway into IC I
might consider writing an actual gateway that updates
credit card and shipping status.  But seeign how the
economy is at the moment I'm not holding my breath.
 
Back in MV days you could get the etc/report file to
basically output all of the data you would want, in
pretty much any format you wanted.  I agree with
making the default option require encrypt.  But
locking it in is very limiting for those who want to
bridge into brick and morter apps with out writting a
payment gateway. It's not like I'm storing the numbers
on the server.  My goal is to get them shipped off on
a private connection as quick as posible.
 
So, it looks like I have two options:
 
1) change vend.pm to give me raw data.  Which really
doesn't work if you'd like to update the software.
 
2) Leave both public and private keys on the server. 
Change my conversion/transfer program to call gpg. 
Enough to fool a script kiddie.  Not enough to fool
someone who knows what they are doing.  Then again,
I'm not storing the information on the server, and if
someone get's root I can think of at least three other
places you could mofify the system at to get the raw
data for new orders.
 

As a general comment, I'm happy with IC and the
direction it's taking.  Of course docuemtnation is a
little sketchy (As with most projects of it's type and
scale), and searching the mailing list archives may or
may not yeild current usefully information.  Your
millage may vary.

Cheers

Tom

--- cfm@maine.com wrote:
> On Tue, Sep 10, 2002 at 10:49:49PM -0700, Dan
> Browning wrote:
> > At 10:26 PM 9/10/2002 -0700, you wrote:
> > >Back in 1999 or so I wrote a minivend 3.x
> connector
> > >for a small DOS/Windows based ordering/account
> package
> > >that is popular in the mail order catalog/retail
> > >world.  I'm converting this client to IC and am
> having
> > >an issue with the credit card.  Back in the
> minivend
> > >days I totally rewrote all the reports and
> emails.
> > >Emails and transactions got the last four digits,
> the
> > >reports "file" had the full cc number and was
> piped
> > >into the converter program where it was converted
> to a
> > >dataformat the ordering/accounting/inventory
> package
> > >likes and shipped off to secure computer
> basically not
> > >on the internet.  The number never sees the light
> of
> > >day again.
> > >
> > >So now of course all my converter/transport gets
> is
> > >"41 NEED ENCRYPTION 1111 12/02".
> > >
> > >I searched the mailing list and the
> > >&credit_card=standard keep option in the
> profile.order
> > >seemed like the ticket, but hasn't worked out.
> > >
> > >The error log indicates that IC is trying to run
> PGP
> > >(and failing).
> > >
> > >So what's my best option.  Changing the PGP
> program
> > >that gets run (to NULL or cat)?  If so where?
> > >variable.txt, a GUI option?
> > 
> > I would recommend encrypting it anyway, then
> decrypting it at whatever 
> > point you actually need it (e.g. just before
> "piped into the 
> > converter").  The [encrypt] usertag posted by Ed
> LaFrance (check the 
> > archives) might come in handy.
> 
> There's a fun project, integrating PGP into one of
> those DOS
> or windows batch credit card processing programs. 
> :-)
> 
> We typically do this sort of thing by sending the
> order by
> ssh or encrypted dbiproxy via a linux
> gateway/firewall at the 
> client site.  It ultimately ends up in a "batch"
> file on samba
> or some other database; they are all plain text at
> that point.
> So much for end to end security.
> 
> Your solution will depend on your infrastructure -
> about which
> you were less than clear - but if you could hack mv3
> to your 
> needs, you can do it in ic too.
> 
> 
> > 
> >
>
/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
> > | Dan Browning, Kavod Technologies     
> <dan.browning@kavod.com> |
> > | (360) 882-7872 x7, 6700 NE 162nd Ave, Suite 210,
> Vancouver, WA |
> >
>
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
> > I'm going to live forever, or die trying!
> >                 -- Spider Robinson
> > 
> > _______________________________________________
> > interchange-users mailing list
> > interchange-users@icdevgroup.org
> >
>
http://www.icdevgroup.org/mailman/listinfo/interchange-users
> > 
> 
> -- 
> 
> Christopher F. Miller, Publisher                    
>           cfm@maine.com
> MaineStreet Communications, Inc           208
> Portland Road, Gray, ME  04039
> 1.207.657.5078                                      
>   http://www.maine.com/
> Content/site management, online commerce, internet
> integration, Debian linux
> _______________________________________________
> interchange-users mailing list
> interchange-users@icdevgroup.org
>
http://www.icdevgroup.org/mailman/listinfo/interchange-users


__________________________________________________
Yahoo! - We Remember
9-11: A tribute to the more than 3,000 lives lost
http://dir.remember.yahoo.com/tribute