Thanks Kevin, I will check it out. Looks like for about $500 I could have a pretty good encryption system. I wonder if it's worth it... I think for now I just simply capture the last 4 numbers of the card for reference. The only reason I would need to capture the card number is if for any reason I would need to re-run it. There was a need for this a while back when a customer would send an e-mail with an order change right after they ordered something. But now I think it would be best to have them go through the system again and place a second order.
Neal Bailey
Internet Marketing Manager
E-mail: [EMAIL PROTECTED]

-----Original Message-----
From: Kevin Barber [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 08, 2004 3:06 PM
To: [EMAIL PROTECTED]
Subject: RE: Credit Cards - Best Practices

Neal,

For your encryption, you might want to investigate:
http://www.digitaloutlook.com/solutionsstore.cfm

It is the PGP technology. It is a .dll for your custom tag directory. (I have not used it, but it comes recommended by some shopping cart providers.) You can download a freebie or 30 day for testing purposes.

HTH.
Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bailey, Neal
Sent: Monday, March 08, 2004 2:32 PM
To: [EMAIL PROTECTED]
Subject: RE: Credit Cards - Best Practices

Thanks Matt,

Preferably I would like to encrypt the CC numbers but I really don't know how to go about this. Any suggestions? And can I decrypt the number if needed?

With the Card API that I'm using, it will also give immediate feedback on the pre-authorizing same as a normal transaction. So live feedback is not really an issue. I am just not sure which is better. We sell candles and I'm not sure if it would be right to charge the customer's card if say we are out of stock on something. Usually we process their cards when we ship the merchandise.

With that being said, I guess it may not matter. As I'm thinking about it, I usually get charged immediately for a magazine subscription even though it can take a month or two to get the actual magazine.
Neal Bailey
Internet Marketing Manager
E-mail: [EMAIL PROTECTED]

-----Original Message-----
From: Matthew Woodward [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 08, 2004 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: Credit Cards - Best Practices

In general when I deal with credit cards I absolutely recommend that unless someone is on a dedicated server in an extremely secure environment (their own firewall, the whole works), they should never store credit card information, even on a temporary basis. You're opening yourself up to too much liability otherwise IMO.

Even if you are in a secure environment, you still likely want to somehow obfuscate or encrypt the CC numbers in the database the second they get inserted. If someone hacks in, the CC numbers shouldn't just be sitting there for the hacker to see.

In general for retail stuff I do the CC processing right when the buyer hits the "buy" button, just because then they get immediate feedback if their CC gets declined or if there's some other problem with the order. I can definitely see how if you were doing high-volume stuff the batch processing might be the way to go though. Just depends on the situation. I typically use Verisign Payflow Pro and haven't ever run into any issues with doing one-off transactions, but I haven't done any huge volume e-commerce sites either.

HTH,
Matt

-------------------------
Matthew P. Woodward
[EMAIL PROTECTED]

----Original Message Follows----
From: "Bailey, Neal" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Credit Cards - Best Practices
Date: Mon, 8 Mar 2004 11:11:47 -0600

Hello CFers...

I was wondering what are the best practices for credit card processing over the web. Should you pre-authorize a customer's card during check out and then run a batch transaction at the end of the day? Or should you run the card as a final sale and gather the funds immediately?
Just as I have heard people doing it both ways and I am in the process of converting my cart over to an automatic Card processor API. What are the pros and cons of both...

Also I have noticed that many shopping carts store their Credit card info in the database. I have a little utility (MS Access) that transfers the customer's info to my system at home and then deletes all credit card info. This usually runs twice a day. Is there a better way to keep the card info secure?

Thanks

Neal Bailey
Internet Marketing Manager
E-mail: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]

-----------------------------------------------
To post, send email to [EMAIL PROTECTED]
To unsubscribe: Send UNSUBSCRIBE to [EMAIL PROTECTED]
To subscribe / unsubscribe: http://www.dfwcfug.org
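
The option Neal settles on in the most recent reply (keep only the last four digits for reference), as an added Python example that is not part of the original thread. The function names and the sample text are constructed for illustration; the second function extends the same idea to card numbers that arrive in free text such as an order-change e-mail.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
_PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def card_reference(raw):
    """Build the only card data the order record keeps: the last four digits.

    Assumption: the caller hands the full number to the payment processor
    separately; this function never returns or stores it.
    """
    digits = re.sub(r"[ -]", "", raw)
    if not digits.isdigit() or not 13 <= len(digits) <= 19 or not luhn_ok(digits):
        raise ValueError("not a valid card number")
    return {"last4": digits[-4:]}


def redact_pans(text):
    """Mask Luhn-valid card numbers in free text, keeping the last four digits."""
    def mask(match):
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_ok(digits):
            return match.group()  # long digit run that is not a card number
        return "*" * (len(digits) - 4) + digits[-4:]
    return _PAN_RE.sub(mask, text)


# Constructed sample using a widely published test number, not a real account.
SAMPLE_EMAIL = "Please add two candles to order 20040308, card 4111 1111 1111 1111."
```

Running `redact_pans` over inbound order e-mails before they are archived keeps full numbers out of the mailbox as well as the database.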
