> I wonder whether sending credit card details via email is > ever going to be a good idea? I'd be asking myself if it's > really necessary (eg. how hard can it be to break the > encryption if I have a handful of these emails?)
There are certain circumstances when, if the correct precautions are taken, it IS a good idea, or at least an OK one. Like small one or two man operations that don't get enough orders to justify the expense of real time credit card processing. By correct precautions I mean a public key encryption system like <cfplug>PerthWeb's CardCrypt CFX tag</cfplug>. We created a simple (and cheap) Windows-based decryption app, called ..decrypt, which the user can paste their super-secret private key into to decrypt the email that your CF app has sent them, with the credit card details encrypted using the aforespammed CFX tag, or if it's entire sections of text you want to encrypt, the even cheaper TextCrypt CFX tag. Enough shameless plugs already... of course, this doesn't do you any good if you're using PHP. You *can* use PGP, however there are licensing issues on the server and on the client end. I'm not up to date on what these exact costs are anymore. Cheers, K. -- Kay Smoljak http://developer.perthweb.com.au --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004
