[ic] Is PGP necessary if using SSL?

Paul Jordan paul at gishnetwork.com
Sun Oct 26 11:20:41 EST 2003

From: "Hostmaster" <hostmaster at zipp.net> wrote:
>>> Hello list members,
>>> My question:  do I still need to install PGP encryption for
>>> my client's catalog if he will no longer need to decrypt
>>> credit card orders sent by Email?  This is new for me, and I
>>> am only guessing that PGP might conflict with AuthorizeNet when the
>>> order is placed.
>> Short answer: Yes.
>> Long answer: Maybe not, but it'll be easier if you don't fight the
>> system. Just install it and save yourself the hassle. It really
>> isn't that hard.
> Thank you for the short and long answers.  I know how to install it,
> I just don't understand what will happen now if my client is using
> SSL and AuthorizeNet.  Will he then receive the Order confirmation
> from AuthorizeNet PLUS the encrypted confirmation from Interchange?
> If so, this is double work for my client, and I'd like to avoid it if
> possible.
> Most gratefully,
> Michael G.

No, you don't need PGP if all your doing is sending orders to AuthNet for
settling. Note however, your client (store owner) will not recieve customer
credit card numbers in any email from IC. If he still wants a credit card
number from IC, even though AuthNet is doing the settling, then yes you will
need PGP.

Authnet will not send CC numbers via email. However you can access CC numbers
via their AuthNet Merchant UI.

I suspect you store owner just wants AuthNet to clear orders, and wants nothing
to do with CC numbers himself... so no, you don't need PGP



More information about the interchange-users mailing list