maillists lists at gmnet.net
Thu Apr 6 12:08:49 EDT 2006

> We have had requests from customers to view the credit card numbers  
> on the admin/order detail screen. Is there a way to safely do this?
> It has been a burden for us to walk our customers through setting up  
> their PGP keys. We have been using Windows Privacy Tools. Our  
> customers are mostly non-technical and often get confused by the  
> process. Almost all of them are on Windows. We are also limiting them  
> to using Outlook Express for e-mail because there is a WinPT plugin  
> for it. What are some easier ways to get non-technical, remote users  
> setup with PGP?
> Bill

Hi Bill,

The credit card numbers can be viewed in the admin area, but they have
to be decrypted by your customer. I think that is a good thing. I think
it is a very bad idea to allow viewing of credit card numbers by just
logging into the admin area.  Setting up PGP or GPG is not the easiest
thing for non technical people, but I think that if you set it up for
them, and walk them through the process, they can usually get it.  Plus
a little extra work for you is not a bad thing! I suggest to my clients
to use a Linux distro with Evolution and GPG. I charge a modest fee to
set that up for them.  This way they have a dedicated secure computer to
fulfill orders, they feel good, and it is much less likely that
"employees" will mess with that. I have had clients with windows boxes
with all kinds of software installed for various reasons, sometimes
employees would install crap on it for fun, and before you know it,
spy-ware is everywhere.  I tell my clients that I cannot guarantee any
security at all if they use windows machines like this.

I am looking for a good solution for recurring orders too. I have a
coffee roasting company as a client and they would love to set up a
"coffee club". So far, I have not had any luck in finding a really good
secure way to do this. I am very paranoid when it comes to security!! I
have set up a "Tour" where people pay once, and get shipments on a
monthly basis, but the CC only gets charged once like a regular order.
The Order Admin, logs in and sees what to ship this month... I'll post
anything that I find about this but right now it is on a back burner...


