[ic] CC Encryption

[Dan Browning]

At 03:22 AM 6/12/2002 +0100, you wrote:
> >
> > Does Interchange have the ability to send the credit card number in the 
> clear
> > via email with each order, or does someone already have a patch to do 
> so? I
> > want to switch over to Interchange for my offering, but having the users
> > setup PGP on their machines is probably too much to ask, some of them can
> > barely do email at all, I just want the option to do it in the clear 
> (this is
> > how my current solution deals with it as well).
> >
>Interchange does not send out credit card details in the clear, either
>by default or via an option you can switch.  Interchange does not even
>store credit card numbers in a user's session.
>
>While I'm sure that this facility could be hacked in, I'm also sure that
>you'd be making a mistake by doing so.  Do you make use of a secure web
>server when collecting credit card details?  If so then ask yourself why.

Why hack it into Interchange at all?  There are plenty of form mailer 
.cgi's out there.  :-)  While you're at it, might as well pick one out that 
can be easily abused by spammers to send out "get a merchant account $!" spams.


+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Dan Browning, Kavod Technologies <db@kavod.com>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"His great aim was to escape from civilization, and, as soon as he had
money, he went to Southern California."