Forestshopkeeper Posted August 6, 2006

I am curious as to the security of using SSL on the site and using the CC payment module without a gateway. What do I have to do to secure the CC numbers entered into the site? I have been reading and am aware that the consensus is to use a gateway, but I am not ready for that. I just want to know if using the SSL will secure the transaction and what else I have to do security-wise?

Jim
Guest Posted August 6, 2006

SSL only secures communication between the customer's computer and your webserver. Using the stock CC module, once they have sent their CC details in their order they are stored unencrypted in your database or sent via plain text email. SSL or not will not change this. This means they are vulnerable to hackers obtaining people's card details. Storing details in this manner is against Visa/MasterCard's regulations (PCI) - they have extensive requirements (such as details stored on a separate server to the webserver, inaccessible over the internet, physically secure, detailed audit of all access etc etc) and if caught you could lose your merchant account or even get a large fine - gateways/payment processors take on the costs and risks on your behalf.
Forestshopkeeper Posted August 6, 2006

Thank you Tom. That is good info to get me started.

Jim