I found two promising shopping cart systems. One system e-mails CC info in an unencrypted message, saying that "it's much better than storing the # on the server".[nbsp][nbsp]The other stores the entire order on the server and utilizes a https connection (password protected) to view it.

I know that neither solution is ideal. I also know that the "shopkeepers" that will be receiving the orders are not computer geeks-PGP is probably out.

*IS* one better than the other?

Non-secure email is never good for sending credit card information. Giving your users a feeling of security by using 128 bit encryption on your form, only to turn around and email the same information in the clear, is misleading at best...

The second method is better, as long as the information is stored somewhere that nobody can access. As long as it is *not* within your /www/ tree, people will not be able to view the information. Also, of course, password protect whatever script or page is going to display the information - SSL does no good if anyone can get to it.

Hope this helps.

------------------
Justin Nelson
FutureQuest (http://www.FutureQuest.net/index.php) Support

BOTH of the implementations you outlined are the ones that have recently received press coverage due to someone "stealing" credit card information from the servers or from email traffic.

USE NON-ENCRYPTED METHODOLOGIES AT YOUR OWN PERIL

You run a great risk with these methods. The risk is that if anyone ever does "hack" the card info, you will lose your merchant account (probably never getting another one) and therefore end your "online" business career forever!

Rich

Update:[nbsp][nbsp]I've found two carts that allow PGP encryption of the e-mailed orders.

http://www.cgicentral.net/index.shtml looks promising, although the web site is a little tough to work through. Looks professional grade, price is right, and they list a slew of customer's sites. The UI of the cart isn't the prettiest in the world, but it may be customizable enough to fix.

Dansie shopping cart has a module that also allows PGP encrypted email. However, I've found some questionable, unadvertised "features". I won't repeat them here, but search usenet for "dansie" "cart" "back door"[nbsp][nbsp]:-)

Opinions appreciated as always.

Justin, just to clarify. Does your statement include the www/Secure_Server "tree"?[nbsp][nbsp]In other words, is there a difference from an adversary's viewpoint, from accessing files in this directory as opposed to /www ?? I'm guessing since they both serve files to browsers that they're both equally vulnerable to files stored within?

The fact that the site uses SSL is irrelevant. Most hackers will most likely have an SSL capable browser, thus if you have, for example:

/www/Secure_Server/credit_cards.txt

The hacker can simply visit https://secure.yourdomain.com/credit_cards.txt and view the goods. The only difference here is that another hacker won't be able to intercept the data while it is being transfered to the first hacker - they will have to visit the above URL all on their own via their own Secure connection ;)

This is of course assuming they can find a way to find out where this file is and what it's called, but if (for example) you are using a freely available (or commercially available) shopping cart that does this, anyone can quickly find out where it stores its info at. Think of all the UBB exploits... wouldn't be any different if the UBB were SSL...

To summarize: SSL alone is not nearly enough. That protects the data during one step of a process that can include many steps. There is still the matter of storing the data, retrieving/processing the data, and so on...

------------------
Justin Nelson
FutureQuest (http://www.FutureQuest.net/index.php) Support