secure email

Printable View

Jun 30th, 2005, 09:44 AM
Rocketdawg

secure email

I have a client who wants to manually process credit cards using an existing merchant account.

Is there a way in asp.net to securely send a credit card number by email?

Would it be better to insert the customer info into a database in a protected folder on the server?

I've always used third party credit card processing, so I'm a bit hazy on how to proceed. :blush:

Any pointers would be greatly appreciated! Thanks
Jul 1st, 2005, 03:22 AM
dj4uk

Re: secure email

The only thing I can think of is using a standard email encryption method - however I've never tried this!

Storing the password on the server is only as secure as the host that you are using.

By not using a third-party you or your client will be liable for any fraudulent transactions is the data is stolen anywhere and I think you'll find it will be for the TOTAL of all transactions!

I've had clients in the past asking me to do this to save money - I always refuse. If you do go through with it I would suggest getting them to sign a document not holding you liable if anything is stolen.

Why do they need to use this method or is it just to save money?

DJ
Jul 1st, 2005, 07:01 AM
Rocketdawg

Re: secure email

They're pretty generous!

I'm not sure what the logic is behind doing it this way -- I think they wanted to have everything in one place (then manually put info into a FM Pro database, process the card manually)

My biggest concern with secure email is after it arrives on their machine. I figure that's everyone's biggest concern.

Since they want the process more automated, they'll probably be open to options. I think I'll send the last 4 of the CC & cust info to the db & insist a third party handle the financial transaction.

Thanks DJ. It's great to know how others handle this stuff.
Jul 1st, 2005, 10:28 AM
dj4uk

Re: secure email

Quote:

They're pretty generous!

- so you need to suck in air between your teeth and say "that's going to cost more I'm afraid!" ;)

The only things I worry about is that people can intercept data when it is transferred (encryption gets around this) and having the data sat on systems that aren't monitored for intrusions. Take a look at the systems payment providers use - they constantly monitor network activity to stop this - I certainly don't have time to do this.

Of course it always possible that you can have an unecrypted completely insecure system that never has any problems but it's all a question of risk and how much you want to take!

DJ