[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: New Question: PGP and SSL security question
****** message to minivend-users from Erik Aase-Remedios <erik@fourfish.com> ******
PGP is good for encrypting the CC for transit to your staff member.
However PGP does nothing for the consumer. The consumer would enter the
CC into their web browser and transmit it to the minivend _without_
encryption. This is exactly the thing that makes people fearfull of
internet commerce.
While most likely no one would intercept the CC info, if somebody did
intercept the number they would have it. SSL does nothing to protect
against the interception, but it makes the data intercepted unusable
because of the encryption.
I hope this clarifies things. You would be protecting your end of things
(encryption once the CC is on the server) but leaving the customer out in
the open. I doubt too many people would give you their CC numbers.
-Erik
On Mon, 22 Feb 1999, Jeff Platt wrote:
> ****** message to minivend-users from Jeff Platt <jplatt@hq.marh.gov.bc.ca> ******
...
>Let us say that I am in a position where I cannot use the SSL or have a
>secure server set up. I still would like to take credit card numbers from
>our customers and have them manually processed by a staff member. Is the
>PGP option used with MiniVend adequate enough for credit card security from
>the application to the specified staff member?
...
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
