Email Credit Cards

[SoniCraze]

How do it set it up so that the credit card numbers will be emailed to be and not only in the admin section under pending orders?

 

Thanks

[Guest]

not a good idea as anyone can intercept the email. Very bad for security.

I wouldnt even recommend that you leave them on the unsecure admin area.

 

I would suggest putting the admin area in a secure part of your site.

 

Regards

 

PR

[Daemonj]

I definitely have to agree with everything that proy stated.

[Guest]

I had a customer place an order with me on wednesday, the order details gave a mobile number, and a yahoo email.

 

Luckily i have a company i use in the UK, that will (for free) check the status of the card and validity without actually charging the card.

 

The order was for over ?1000.00.

 

I think we (the osc users) should get together and design a free site for logging such information. This would help everyone with a site to prevent cc fraud.

 

Will you help with the site and pass the word if i start designing a site daemon? I will cover all hosting etc etc and the site but we need feedback

 

Regards

 

PR

 

PS - we could even cover security tips etc for osc users

[Daemonj]

Actually there is already someone doing that very thing. Search through the foums and you will find the thread. Note that it is not a topic but mentioned in a response to a topic. I think that discussion was about 3 weeks ago and was concerning credit card blacklists.

 

It might even be in the contribution topic for the cc blacklist but I cannot remember.

[Guest]

Ive looked at the site in question and you have to pay to join.

 

I dont think people should pay for this kind of thing. There is enough people out there that could put a little bit of time contributing to the site.

 

Regards

 

PR

[Guest]

I would be happy to provide the hosting and db space required to set something like this up at no cost.

 

I have a cc contribution that utilises a blacklist feature but at present i do not have any cards to blacklist.

 

Anyone interested in taking this further?

 

 

cheers

barry

[Daemonj]

What kind of information are you looking to obtain/track?

[Guest]

hi barry, its been a while.....

 

 

well i can provide all of that but sure if you want to host it, cool or i can whatever.

 

Perhaps we could design a contribution that adds an alert into the admin when a new number has been submitted or provides a link into new site.

 

This thing shouldbe totally free and if we get enough members or users, it will be worth the effort.

 

Im really keen on getting this thing off the ground.

 

Regards

 

PR

[Daemonj]

Why not set it up to pull the data from the site when the card information is entered?

 

That way the user does not have to worry about updating the file and they are always checking against the latest and greatest information.

[Guest]

i like that idea but im not sure how we could do that.

 

But cool..................keep them coming

 

PR

[Guest]

I was thinking of something along those lines, instead of reading from the stores local db, read from a remotley hosted file.

 

 

cheers

barry

[Guest]

could we formulate some kind of plan for the site.

 

I know we need to integrate it into OSC but i would like to have some kind of third party site so other users can join. Also we can also post tips on security, how to setup and install SSL and things like payment gateways etc..

 

I think these would be very useful

 

Regards

 

PR

[Guest]

First off, if we could employ some sort of content management system so that we could have a core of administrators to set up members update site content etc....kind of speaks for itself really.

 

For the data itself we just need to provide a file that can be easily referenced from not just osc alone.

To tie in with osc i think we should have a process in the cc mod that imports into/updates the contents of the cc_blacklist table in the local db from a delimited file stored with us, that way the data is stored on the local server and the onus is on the site owner/admin to update his/her cc_blacklist table on a regular basis. This should cut down on server load/traffic.

 

 

Things we need;(add to this list)

 

Suggestions for a good CMS

Improvements or better suggestions to integrate into osc.....

 

 

I'll leave this open ended.

Post your suggestions and we'll formulate some sort of plan.

 

 

cheers

barry

[Guest]

Well the only CMS i know about is postnuke but im sure there are simpler ones about.

 

could we not provide a CSV updated list or something but maybe that would be too much like hardwork for the user but we need something that doesnt involve hassle because people will just abandon it.

 

I suppose we need to find a method in which to transport the information from OSC or any other cart. SO some generic way would be best (just thinking out loud)

 

well at the min, im working on the front end which for the moment i want to keep simple.

 

I will post a screen shot when im nearly done, this will give us a canvas and ideas in which to go forward.

 

Regards

 

PR

[Guest]

you might want to checkout www.hotscripts.com in the php section there are one or two :) cms scripts to be had.

 

 

cheers

barry

[Guest]

Unless i become the moderator and add the data myself, i suppose that way we can proof anything that goes on there.

 

I suppose that would be easier than CMS..........maybe that could get a bit messy.

 

PR

[Druide]

i will be happy to help out with coding if you need it,

at least trying to solve this matter.

 

Nobody want orders from stolen cc, it's just too much hassle to get your products back and ofcourse this only costs money.

 

So let me know by PM

 

i cannot start next 2 weeks because i am moving to my just bought house,

after that i am willing to help out coding.

[Guest]

Thanks robert,

 

Ill keep you posted on design and a possible roadmap, we need somewhere to start.

 

We can take comments from there

 

Regards

 

PR

[SoniCraze]

ahh yea back to me :-P

 

so i should just keep that info in the admin panel? does that store it in the database or a php file?

 

also just usin htta password is enoulf for the admin panel?

[Guest]

ahh yea back to me :-P

 

so i should just keep that info in the admin panel? does that store it in the database or a php file?

 

also just usin htta password is enoulf for the admin panel?

 

stored in the db, choose to have the middle eight digits emailed to you, you can go one further and install my cc contribution which allows the cc data to be encrypted in the db, which is a little more secure.

 

 

cheers

barry

[Guest]

Thanks robert,

 

Ill keep you posted on design and a possible roadmap, we need somewhere to start.

 

We can take comments from there

 

Regards

 

PR

 

what sort of info would we want to carry on the site;

 

tips and tricks

ssl

cc security

About fraud

and so on.....(suggestions?)

 

I'll have a look at a cms system, hopefully set something up and get back in touch.

 

 

cheers

barry

[judgej]

not a good idea as anyone can intercept the email. Very bad for security.

 

Though not OSC, I have a site that encrypts the e-mail contents using PGP then e-mails the encrypted version. The code is at http://www.academe.co.uk/pn/FEproc.shtml - snip out the bits you need from function feproc_standardapi_unixpgp5encode() in pnstandardapi.php to do the actual encoding.

 

It will only work under Unix, but it does the job and has certainly proved its worth. I always leave a bit of the e-mail non-encrypted, so there is enough plain text to contact the customer in the event that the e-mail could not be decrypted.

 

-- JJ

[Daemonj]

The information in the Admin panel is in the database.

 

You can never have enough security, especially when concerning a customer's personal and financial information. ;)

 

It is highly advisable to delete the CC information after the order has been processed. There is a contribution that provides for this to be easily performed.

[Guest]

well guys, ive finally got something for us to make a start.

 

Have a look at http://www.cartresource.com

 

I didnt reallty have time to really think of a great name so i chose and registered the above.

 

Comments at this stage would be greatfully appreciated.

 

i would also like to draw up a list of moderators so i can provide access to the web folders etc.

 

Regards

 

PR