PDA

View Full Version : CC# Encryption

emdmx
5-30-04, 10:26 AM
Good Morning,

How do most (if there is a common solution) shopping carts handle cc# encryption? Is PGP the standard, or GnuPG, or something else?

Also, do carts in general have an encryption engine built in, or is it on the host server? I must've overlooked this tidbit of info in all my studying.

Thanks,
John
stevel
5-30-04, 11:08 AM
If you use a payment gateway, the encryption is handled for you automatically. If you are going to be doing your own cc processing, there are various options. I will speak to osCommerce specifically.

The default credit card module in osC stores the cc number in the database unencrypted. You would access it through the admin panel. There is an option for "split credit card e-mail". If you select this, the middle 8 digits are sent to you by e-mail, the rest (with the middle 8 Xed out) is stored in the database. This way the whole number is not in one place. This is adequate for many people.

There are two osC contributions (add-ons) which provide encryption. One uses PHP's builtins to store the number encrypted, and then decrypt it "on the fly" when viewing in admin. The password is stored in the source files, so if someone can get access to that, you are vulnerable, but it does protect the database.

Another one uses gpg to encrypt the info and send it to you by e-mail. This requires that you manage to get gpg to run from PowWeb. I have seen a few others try to do this but didn't see any successes.
emdmx
5-30-04, 11:27 AM
Another one uses gpg to encrypt the info and send it to you by e-mail. This requires that you manage to get gpg to run from PowWeb. I have seen a few others try to do this but didn't see any successes.

This is interestng. (and discouraging) Is anyone out there using X-cart or Lite Commerce on Powweb servers? If so, did you get pgp to run?

John
Peter Gillett
6-12-04, 08:04 PM
:) Hi there,


you can read how to make gpg work on powweb servers at http://forum.powweb.com/showthread.php?p=217582&mode=threaded#post217582
(rather than post it all again)

cheers
Peter Gillett

Edited by stevel to make link clickable
emdmx
6-13-04, 09:25 AM
Peter, you're a genius.
Or, maybe I'm just really dumb.
Thanks allot for posting this info!