Re: legalities of encryption - Emailing info

by Tamara Abbey <tamara(at)abbeyink.com>

 Date:  Thu, 17 Aug 2000 16:30:08 -0500
 To:  Jim Tom Polk <jtpolk(at)texas.net>,
hwg-basics(at)mail.hwg.org
 References: 
  todo: View Thread, Original
Jim Tom,

I know you're right about PGP and e-mail security vs. mall security, but 
how do you get this to fly past the banks? I don't have a lot of experience 
with eCommerce, so I'm sorry if this is a dumb question, but I know a site 
owner that had to prove she was using a secure shopping cart/server set-up 
before she could get the merchant bank to approve the account.

Thanks,
Tamara


At 02:31 PM 8/17/00 -0500, Jim Tom Polk wrote:
>Everything is secure up to the email part.
>
>Email, before being read, is secure if you trust the administrators of
>the server where your mail is kept. I trust my administrator for the
>ecommerce sites we handle. hehe -- basically, I trust myself and my
>boss...(grin).
>
>One thing to consider is that a ccard number in email on a server is
>more secure than it is in most retail establishments. In most retail
>stores, every Tom, Dick, Jane and Harriet has access to ccard numbers,
>but only the managers have the store keys and combination to the safe.
>An administrator is like store management, and unlike retail, only they
>have the keys and combinations. (note: I spent 21 years in retail)
>
>If you trust the administrator, then simply have the orders retrieved by
>reading them from a secure web page.
>
>What if you don't trust your administrator? What if you want to download
>the email via a regular email program? What if you don't trust your
>administrators security arrangements for the server?
>
>Use PGP to encrypt the email that contains the credit card number. Then
>read the email with a PGP enabled email program.
>
>I actually recommend PGP, even to my customers. They don't listen, but I
>do recommend. (grinace)
>
>
>
>
> > The site I made has a place where the user can order something on line 
> using
> > their credit card.  here's how it works:  They enter the main site, then
> > click on a link to a secure site.  The page that the user types on has the
> > 'lock' or 'key'.  They enter their visa info, then click on 
> 'submit'.  When
> > they click on the 'submit' button, an email is generated to the webmaster
> > with their form data (their name, credit card number, exp. date, what 
> they're
> > ordering, etc...).  The recipient of the Email then uses their
> > already-existing credit card swipe machine to process their 
> order.  This is
> > how my client wanted it done.
> >
>
>--
>
>
>Jim Tom Polk -:- jtpolk(at)texas.net -:- http://camalott.com/~jtpolk/
>         ''You might as well fall flat on your face as
>           lean over too far backwards.''      --James Thurber--
>    "The Universe is run by the complex interweaving of three
>           elements: energy, matter and enlightened self-interest."
>                 - G'Kar  "Survivors"

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA