osCommerce

The e-commerce.

Double secure email


fiedlerh

Can someone please explain "double secure email". I was told by IT we must only use our "double secure email" address to process credit card orders (we process them offline). Plenty of topics on secure email, just wondering how this extra layer of security is implemented to make emailing of CC numbers magically OK.

If in reality you are talking about the "Split-Email" function in the cc module..this is what it does...

When a cc order is processed half the cc number is sent by email to the store owner and half the number is stored in the MySQL db.

Ie.

If anyone intercepts your email, they will only get half a number..useless to them..

If someone hacks your db..they will only get half a number..useless for them...

So to get the better of you..a hacker would have to both intercept your email and gain access to your db to be able to gain fully usable info on credit cards used..hence the term double security...

This is just a guess, but it might actually hit the bullseye.... :D :lol: :D

That's what it seems like to me as well. You can "double up" by making the split credit card email address a secure one that's only accessible via ssl (https). Making an ssl connection between the osC email function and that secure email account is another story. It will be possible but I've not thought out how to do it.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)


I think the main selling point (and a very valid one) of an SSL connection from your client to the server is that your login credentials are protected. Non-SSL email connections send your log-in credentials in plain text and can be intercepted.

Since the email itself is once again insecure after leaving the SMTP server for delivery (no SSL), the protection SSL gives to your email on the way to the SMTP server is fleeting at best and is really outweighed by the fact that 100% of its routing (and likely storage) after that is insecure.

If you need the email itself to be secure / encrypted, you need to look at PGP, GnuPG or similar encryption schemes.

I found this tidbit on another forum, could "double secure" mean the body of the email is encrypted as well? I had assumed secure email would encrypt everything.
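
The post above says SSL only covers the hop into the SMTP server. As an added example (not part of the thread and not osCommerce code), this Python check reads a delivered message's Received headers and lists the hops that were not recorded as running over TLS; the hostnames, addresses and sample message are constructed.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop was carried over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample: three hops, newest header first (servers prepend them).
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384)
    by mx.owner.example with ESMTPS id 3C; Mon, 1 Jan 2024 10:00:03 +0000
Received: from smtp.shop.example (smtp.shop.example [192.0.2.10])
    by relay.isp.example with ESMTP id 2B; Mon, 1 Jan 2024 10:00:02 +0000
Received: from workstation.shop.example (unknown [203.0.113.5])
    by smtp.shop.example with ESMTPSA id 1A; Mon, 1 Jan 2024 10:00:01 +0000
From: store@shop.example
To: owner@owner.example
Subject: constructed test message

body
"""

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments such as 'with cipher ...'."""
    previous = None
    while previous != value:
        previous, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    hops = []
    received = message_from_string(raw_message).get_all("Received", [])
    for header in reversed(received):
        text = strip_comments(header)
        route = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", text, re.I | re.S)
        proto = re.search(r"\bwith\s+(\w+)", text, re.I)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append({"from": route.group(1) if route else "?",
                     "by": route.group(2) if route else "?",
                     "protocol": name, "tls": name in TLS_PROTOCOLS})
    return hops

def cleartext_hops(raw_message):
    """Hops whose receiving server did not record a TLS protocol keyword."""
    return [h for h in audit_hops(raw_message) if not h["tls"]]
```

Each Received header is written by the server that accepted the message, so only the headers added by servers you control can be trusted, and a fully TLS path still leaves the message readable in storage on every server it passed through.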


Archived

This topic is now archived and is closed to further replies.
