Re: legalities of encryption - Emailing info
by Tamara Abbey <tamara(at)abbeyink.com>
|
| Date: |
Thu, 17 Aug 2000 16:30:08 -0500 |
| To: |
Jim Tom Polk <jtpolk(at)texas.net>,
hwg-basics(at)mail.hwg.org |
| References: |
|
| |
todo: View
Thread,
Original
|
|
Jim Tom,
I know you're right about PGP and e-mail security vs. mall security, but
how do you get this to fly past the banks? I don't have a lot of experience
with eCommerce, so I'm sorry if this is a dumb question, but I know a site
owner that had to prove she was using a secure shopping cart/server set-up
before she could get the merchant bank to approve the account.
Thanks,
Tamara
At 02:31 PM 8/17/00 -0500, Jim Tom Polk wrote:
>Everything is secure up to the email part.
>
>Email, before being read, is secure if you trust the administrators of
>the server where your mail is kept. I trust my administrator for the
>ecommerce sites we handle. hehe -- basically, I trust myself and my
>boss...(grin).
>
>One thing to consider is that a ccard number in email on a server is
>more secure than it is in most retail establishments. In most retail
>stores, every Tom, Dick, Jane and Harriet has access to ccard numbers,
>but only the managers have the store keys and combination to the safe.
>An administrator is like store management, and unlike retail, only they
>have the keys and combinations. (note: I spent 21 years in retail)
>
>If you trust the administrator, then simply have the orders retrieved by
>reading them from a secure web page.
>
>What if you don't trust your administrator? What if you want to download
>the email via a regular email program? What if you don't trust your
>administrators security arrangements for the server?
>
>Use PGP to encrypt the email that contains the credit card number. Then
>read the email with a PGP enabled email program.
>
>I actually recommend PGP, even to my customers. They don't listen, but I
>do recommend. (grinace)
>
>
>
>
> > The site I made has a place where the user can order something on line
> using
> > their credit card. here's how it works: They enter the main site, then
> > click on a link to a secure site. The page that the user types on has the
> > 'lock' or 'key'. They enter their visa info, then click on
> 'submit'. When
> > they click on the 'submit' button, an email is generated to the webmaster
> > with their form data (their name, credit card number, exp. date, what
> they're
> > ordering, etc...). The recipient of the Email then uses their
> > already-existing credit card swipe machine to process their
> order. This is
> > how my client wanted it done.
> >
>
>--
>
>
>Jim Tom Polk -:- jtpolk(at)texas.net -:- http://camalott.com/~jtpolk/
> ''You might as well fall flat on your face as
> lean over too far backwards.'' --James Thurber--
> "The Universe is run by the complex interweaving of three
> elements: energy, matter and enlightened self-interest."
> - G'Kar "Survivors"
HTML: hwg-basics mailing list archives,
maintained by Webmasters @ IWA