11-24-2002, 01:34 PM

An email to buyer and shop owner is sent on purchase but there is no credit card info if being used manually. How does one include this in the email?

Also, is there extra code somewhere that will send half of the card # to shop owner with the name and on clicking a link go back to a page to see the complete number? This way the complete number does not exist anywhere.

We had this written for another membership site we have. It works great!

But first, why don't I get the credit card info?


11-24-2002, 06:45 PM
As long as you are having that problem that would mean that you are one step (maybe more :lol: ) ahead of me. I'm still having a problem on getting my shop to accept credit cards. I want to do offline CC processing; the only problem is that I can't get it to accept CC numbers. In the checkout page, the payment method is empty and it allows you to finish up the order without taking the proper information. Am I missing something??
Any help would be reeeally appreciated.

11-24-2002, 08:28 PM
First, CC info should NEVER be sent through email. EEK! That is really asking for trouble. I have never used this option before, but I think the CC's are put in the database. You may have to check there.

As a responsible e-commerce shop owner, I suggest you avoid emailing credit card numbers, unless you encrypt the email (128 bit minimum). If anyone got news that you were emailing clear cc#'s, there would be a free for all as cc#'s = FREE MONEY to criminals. I don't think your customers would be too happy if they found out you were so lax in your security measures.

11-24-2002, 10:38 PM
Thank you for the reply, and yes I do understand the potential hazards with CC's via email, however with the 128 encrypt it is pretty safe.

Most of the sites we deal with are all low profile sites and do not have the resources to use the bank gateway systems as some of our larger clients do.

That's why we still need somehow to allow them to be able to do it the manual way. We have a couple of other shops where it is used and hoped that we could use it at 'our peril' with this shop.

We basically needed to know what code we would have to change to actually get the cc numbers sent. We will try and get our PHP programmer to get half by the initial order email and use a link to get back to a page where the other half will be exposed only while the page is shown.

It then would have to be manually written down as one would do if it was a telephone order.

Thanks again
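
The split delivery described in the post above, sketched in PHP as an added example (not part of the original thread and not osCommerce code): the first half goes into the order email, the second half is held server-side behind a random token and handed out once. The function names, the array standing in for a database table, the 15-minute expiry and the single-use rule are assumptions.

```php
<?php
// Added illustration, not osCommerce code; every name here is hypothetical.
// Luhn check so that mistyped numbers are rejected before anything is stored.
function luhn_ok(string $digits): bool
{
    if (!preg_match('/^\d{13,19}$/', $digits)) return false;
    $sum = 0;
    foreach (str_split(strrev($digits)) as $i => $ch) {
        $d = (int) $ch;
        if ($i % 2 === 1) {            // double every second digit from the right
            $d = $d * 2 > 9 ? $d * 2 - 9 : $d * 2;
        }
        $sum += $d;
    }
    return $sum % 10 === 0;
}

// Returns the half for the email plus a link token; only the other half is kept.
function split_for_email(string $pan, array &$store, int $ttl = 900): array
{
    $digits = (string) preg_replace('/\D/', '', $pan);
    if (!luhn_ok($digits)) {
        throw new InvalidArgumentException('not a valid card number');
    }
    $half  = intdiv(strlen($digits), 2);
    $token = bin2hex(random_bytes(16));          // unguessable link parameter
    $store[hash('sha256', $token)] = [           // store a hash, not the token itself
        'rest'    => substr($digits, $half),
        'expires' => time() + $ttl,
    ];
    return ['email_part' => substr($digits, 0, $half), 'token' => $token];
}

// Serves the stored half once, then deletes it, whether or not it had expired.
function reveal_once(string $token, array &$store): ?string
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;
    }
    $row = $store[$key];
    unset($store[$key]);
    return $row['expires'] >= time() ? $row['rest'] : null;
}

$store = [];                                             // stand-in for a table
$out = split_for_email('4111 1111 1111 1111', $store);   // constructed test number
var_dump($out['email_part'], reveal_once($out['token'], $store), reveal_once($out['token'], $store));
```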

11-25-2002, 05:21 AM
The credit card numbers are in the database.

Why can't the store owner log into their admin area and retrieve the cc number? All of the info is in there and they can even print out an invoice.

Then, after the product has been sent to the customer they need to delete the order from the admin.

It's always good to be extra safe.

11-25-2002, 06:50 AM
I looked a little deeper into this issue, and found a contribution at http://forums.oscommerce.com that encrypts the email before it is sent.

I think I saw a few threads that discussed encrypting the cc# in the database as well. Do a search on "encrypt" over at http://forums.oscommerce.com and you will get lots of good reading material.

11-25-2002, 06:27 PM
Not sure I agree. When I got my merchant acct I called the company's security dept and asked if they had any problem with sending CC#s by email and they said no, that statistically they were far more likely to be stolen by someone at my end, and that the chances of that were minuscule compared to them being stolen in a restaurant. Since then it seems to me every time I hear of CC#s being stolen on the net it is from the database on a SECURE SERVER.

Can't remember who said the reason he robbed banks was because that was where the money is, but CC#s are the same - you want them you look on an Ecommerce site, not in email because there is just too much of it, perfect camouflage.

BTW there was a now defunct shopping cart that had a very simple method of semi encryption, it would add extra digits to the CC number which you would then remove at your end - would also confuse sniffers looking for 16 digit strings.

