Guest Posted February 26, 2003 Share Posted February 26, 2003 I have installed the CVV2 and Switch Contribution and everything works fine the customers end, but when emails are sent to us to process we do not have the following information. Credit card type Credit card number Name on the card Expiry date Start date for switch Security code from back of card - CVV2 Can anyone please help me. Cheers J Quote Link to comment Share on other sites More sharing options...
jon_l Posted February 26, 2003 Share Posted February 26, 2003 Why do you need all that info emailed to you? It is all available online. Having it all sent via email would be quite a big security risk. Most users will just have the middle 8 digits from the card number emailed to them, then collect the rest of the details from the order online. Jon. Quote Link to comment Share on other sites More sharing options...
Guest Posted February 26, 2003 Share Posted February 26, 2003 The reason I asked this was because, when viewing the information via the backend, the page is not secure and my customer is worried about that. What do you think is the best way to set it up. Cheers J Quote Link to comment Share on other sites More sharing options...
Justin Posted February 26, 2003 Share Posted February 26, 2003 Sending this information via email isn't very secure either, given how many gateways it can pass through to get to its destination. On my site, the admin module has three layers of protection: (1) The admin directory is password protected via an .htaccess file. (2) I use the Administrators contribution to restrict access to the admin panel. (3) All communication with the admin module is done via secure HTTPS (using SSL). While I suppose you could send encrypted email messages, I believe the above methods are more useful in the long run. Hope this helps, Justin Quote Link to comment Share on other sites More sharing options...
jon_l Posted February 26, 2003 Share Posted February 26, 2003 The first thing to do is to get the admin screens running via SSL. - Is the site secure via SSL on the front end? - Why can't the back end be SSL? And if you haven't protected the admin directory, with .htaccess (or the administrators logon) then this is another priority - .htaccess would be the preferable option (though both is better). The other thing you can do is change the name of the admin directory. Make sure the option to email the middle section of card numbers is also active. You really do not want to send this information via email, even if it is encrypted. Jon. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.