Many merchants have online forms that emails the results to them with the customer order information. The real danger happens where the information isn’t encrypted every step of the way. I’m going to go over a quick guide on how to make sure if you do this, that information is never left exposed to hackers.
Because the Internet is made up of interconnected computers, hackers run what’s called a packet sniffer looking for 15 (American Express) and 16 digit (MasterCard and Visa) numbers and then they check to see if it’s a credit card number. Many times, in a captured packet is also the CCV number and expiration date and other customer information.
The basics are if you have an SSL certificate at your domain and your order form uses https, then it’s encrypted between the customer and your web site when they fill out the form. What your server does with that information when sending it to you is key. If it’s emailing to your Yahoo account or ISP mailbox, then it’s going through 20-30 other computers, with the information there for the taking by anyone along the way with a packet sniffer running.
The way to be sure it’s secure is to first only email the results to the domain you have the SSL certificate with. Then retrieve the email using SSL for your connection. Most email programs like Outlook or Eudora have this available, but you usually have to go in settings and make sure it forces SSL when retrieving your mail from that box.
I’ve worked with a lot of small business owners and virtually all of them who were accepting orders with a form and had the results sent to a free mailbox or another domain. One tried to do recurring billing and found an alarming number of customers cards didn’t work anymore. He called some and they all said their credit card had unauthorized charges to they cancelled it and got a new one. If you have a merchant account, there’s fines for not processing securely, which start at around $50,000. Even if never discovered, it’s a huge amount of pain to put customers through over something that’s pretty easy to fix.
Merchant Accounts
March 27th, 2010 at 2:59 pm
Just wanted to say I loved the information you had here will deff help me out. Thanks!
March 28th, 2010 at 9:42 pm
It is strange how many different sites the internet has on this subject. I don’t know if I will have to be back, but it is good to know I found the one that provides some useful information if this ever comes up for me another time.
March 29th, 2010 at 6:47 am
I don’t usually post but I enjoyed your blog a lot, thanks alot for the great read.