How do I retrieve customer orders/personal information securely?


dbirchall
5-13-04, 03:30 PM
Hi, there...

I hope these questions won't be too inane, but I'm new to the internet as a business owner versus being a long-time customer.

When a customer places an order, my understanding is that their personal information is protected by SSL encryption and is sent to a secure server. Using osCommerce's shopping cart program, will a customer of mine post their order/personal information on to osCommerce's secure server or PowWeb's secure server? Secondly, how do I receive that order/personal information securely as well?

Would I have my own website "order" database, which I would then periodically view on the secure server and then print out my customer orders, so that there wouldn't be any insecure transfer of that information to me? Alternatively, are the customer orders and personal information sent to me, somehow? If that information is sent to me, is it sent via SSL encryption as well, so that if some potential identity thief is able to intercept those orders, they won't be able to decode my customers' personal information? How would I decode my customers' orders/personal information and would it be sent to me via e-mail or e-mailed zipped attachment?

My concern is that customer information would be e-mailed to me, which doesn't seem to be a secure form of communication. I will be telling my customers that their personal information is protected by SSL encryption and that only 3rd party financial institutions will have access to that information (other than myself), but only for the purpose of processing their customer orders. I figured that SSL encryption went both ways (from customer to server and from server to me - the website/business owner).

I'm a real newbie at this, so I would appreciate any layman's explanation of this whole process. Thanks soooo much! Deanne B.

stevel
5-13-04, 05:59 PM
The order information is stored in a MySQL database on PowWeb's server. While access is password-protected, it is not completely secure.

If you are using the "Credit Card" module that simply accepts the credit card information for you to process manually, the default is that the info is stored in the database and you would get it through your osCommerce admin panel (which you need to password-protect as described in the sticky topics above.) You should also access the admin panel through an https connection in order to keep the information confidential as it is sent to your browser. Be sure to define the HTTP_SERVER in the admin/includes/configure.php to be your httpS URL.

There is a setting for the Credit Card module where it can "send split credit card emails". If you use this, which I recommend, it will send you an e-mail with just the middle 8 digits of the cc number and nothing else other than the order number. In the database, the rest of the number will be stored (with the middle 8 digits replaced by X). This means that the whole number is not in any one place, making it very difficult for someone to steal the info.

There is also a contribution which makes it easy to remove the cc info from the database once you have completed an order.

Be sure to also protect your database backups!
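To make the "split credit card e-mail" idea in the reply above concrete, here is an added PHP example that is not osCommerce's module code and not from anyone in this thread. It assumes a fixed 8-digit middle window centred in the number and the function names `split_card_number` and `join_card_number`; both are illustrative choices, and the sample card number is a constructed test value, not a real card.

```php
<?php
// Added illustration of the split-storage scheme described above; this is
// not osCommerce's own code. Function names and the centred 8-digit window
// are assumptions made for this example.

/**
 * Split a card number into the part that goes in the e-mail (the middle
 * 8 digits) and the part that goes in the database (everything else, with
 * the middle 8 digits replaced by X), so that no single place holds the
 * complete number.
 *
 * Returns ['email' => '...', 'database' => '...'].
 */
function split_card_number(string $number): array
{
    $digits = preg_replace('/\D/', '', $number);   // drop spaces and dashes
    $len = strlen($digits);
    if ($len < 13 || $len > 19) {                  // typical PAN lengths
        throw new InvalidArgumentException('Unexpected card number length');
    }
    $start  = intdiv($len - 8, 2);                 // centre the 8-digit window
    $middle = substr($digits, $start, 8);
    $masked = substr($digits, 0, $start)
            . str_repeat('X', 8)
            . substr($digits, $start + 8);
    return ['email' => $middle, 'database' => $masked];
}

/**
 * Reassemble the full number from the two halves, which should only happen
 * at the moment the order is actually processed.
 */
function join_card_number(string $masked, string $middle): string
{
    $pos = strpos($masked, 'XXXXXXXX');
    if ($pos === false || strlen($middle) !== 8 || !ctype_digit($middle)) {
        throw new InvalidArgumentException('Halves do not match');
    }
    return substr($masked, 0, $pos) . $middle . substr($masked, $pos + 8);
}

// Constructed sample input: a well-known test number, not a real card.
$parts = split_card_number('4111 1111 1111 1111');
echo "E-mail body : order #12345, middle digits {$parts['email']}\n"; // 11111111
echo "Database row: {$parts['database']}\n";                          // 4111XXXXXXXX1111
echo "Rejoined    : " . join_card_number($parts['database'], $parts['email']) . "\n";
```

Each half on its own is useless to someone who obtains only the mailbox or only a database backup, which is the point of the scheme. The halves still travel over a connection each, so the advice above about reaching the admin panel over https (and setting `HTTP_SERVER` in `admin/includes/configure.php` to the https URL) covers the database half, and the contribution that deletes card data after an order is completed shortens how long either half exists at all.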

dbirchall
5-14-04, 01:39 AM
Steve,

Thank you sooo very much for your help... I greatly appreciate it...

By the way, you wouldn't happen to know if there are any good
books out there that will take you through the process of setting
up the osCommerce shopping cart program, step-by-step, would
you?

Thank you so much again...

Deanne B.

stevel
5-14-04, 09:03 AM
An osCommerce book? Haven't heard of one, and it would likely be obsolete by the time it saw print.

I sympathize with your desire for a clear and well-written guide to setting up osC. It just doesn't exist. There is a rather feeble attempt at such in the osCommerce "wiki" documentation site, but it's more a random collection of "hey, this looks good, let's try this" tips.

The approach I suggest is to install a copy off to the side and play with it. See what you like and what you don't. Learn PHP to at least a basic level - this is pretty much a requirement for osC. I found the book "Programming PHP" from O'Reilly Press to be good. Make the changes to give the store a look more "your own". Consider one of the "template system" contributions (I haven't used those myself.) Search the osCommerce community forum for help with common problems (such as getting "osCommerce" out of the title bar and how to change "Let's See What We Have Here".)

It took me several months to get to the point where I would be willing to show my store to the public, and I'm still making changes. Where features didn't exist, I invented them. Others I installed from "contributions".

If you're not comfortable with the idea of diving into the PHP code and changing it, sometimes in significant ways, then you may want to look for another solution. osCommerce does a lot, and it's quite good, but it's definitely a "get your hands dirty" system.

dbirchall
5-14-04, 02:43 PM
Steve,

Well, you've certainly given me a lot to think about. Thank you so very
much for your information and advice. I greatly appreciate the time and
effort you've taken to answer all of my questions.

Thanks so much again...

Deanne B.