Re: OT: Internet ordering
- To: "Christopher P. Lindsey" <lindsey@lorien.mallorn.com>
- Subject: Re: OT: Internet ordering
- From: t*@ps.gen.nz
- Date: Sun, 28 Jun 1998 17:46:22 +0000
- References: <199806280055.MAA22109@ps.gen.nz> from "tejdee@ps.gen.nz" at Jun 28, 98 12:48:38 pm

Hi Chris

Thanks for the reply. I hoped you would see the need for
discussion.

> OT: on the commandline -- thanks to whoever started doing that.

Yes, very useful. I will make sure it is prefaced rather than at the
end in future.

> > It has been suggested to us that, for people who have concerns
> > about security, they could send half of their credit card number with
> > the on site order form viz: 5432 1234 and the other half plus expiry

> I've dealt with this type of method before, and I REALLY dislike
> it. :) The problem is that mail doesn't always go directly from
> one machine to another; it can hop around the Internet and be
> stored on various servers. Each of these servers keeps a copy of
> the message until it forwards it on to another server, so you'd
> better be sure that you trust the system administrators at all of
> these sites.

Ok I want to get this clear.

a) Someone fills out a form on our web
site. This is filled out directly on our server isn't it?
b) We download the filled out form in the form of an e-mail from our
server. Has anyone else handled it at this stage?
c) This may only be half the credit card number and not identified to
a specific person on the address portion of any message.
d) The other half of the number arrives by personal e-mail via our
server and goodness knows how many other servers on the way. The
other servers can only have this second half of the number if my
proposition b) is correct. Is this right?
e) If the above is correct then I have only to worry about our own
server, or one of their employees. All they have to do is monitor our
mail and match, no problem for them but potentially a major one for
the cardholder. Or is it?
f) Our server is a small family business (as far as I know we are his
only even moderately commercial customer) and would be absolutely
wrecked if he let credit card numbers loose and they were abused. He
is going to be careful.
g) Re cost. Because our server is so small and we would be the only
people using the security that he has to be certificated for, he
naturally wants to pass this cost on. Getting security would
therefore mean changing our provider, something we do not want to do
because he is local, friendly and gives a good service (except for
security).

> Why not get a PGP key? They're free, come with Eudora now and
> can be used with other mailers, work outside of the United States
> as well as inside, and encrypt messages with strong encryption.
> Send me mail if you're interested in learning about this, too.

However, the bottom line is security for our customers. Would a PGP
key offer sufficient security for our clients while enabling us to
keep our current server?

Please feel free to shoot any or all of this out of the water. That
is why I wrote it.

Thanks for the help

Terry Dowdeswell
18 Henderson Ave
Tuakau, New Zealand
~~~~~~~~~~~~~~~~~~~~
Terry@delphinium.co.nz
http://www.delphinium.co.nz
~~~~~~~~~~~~~~~~~~~~
Don't Worry!!!
Our New Millennium Delphiniums are year 2000 compliant
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
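
The store-and-forward path described in the quoted reply, and the "has anyone else handled it" question in b), can be checked on any delivered message: each server that accepts it prepends a `Received:` header. The following is an added example, not part of the original e-mail, that lists those hops in the order the message travelled; the sample message, host names and addresses are constructed.

```python
import re
from email import message_from_string

# Constructed sample message: every host name and address below is made up.
SAMPLE = """\
Received: from mail.isp.example (mail.isp.example [192.0.2.10])
\tby pop.shop.example with ESMTP id CCC; Sun, 28 Jun 1998 17:50:02 +0000
Received: from relay.backbone.example (relay.backbone.example [198.51.100.7])
\tby mail.isp.example with SMTP id BBB; Sun, 28 Jun 1998 17:48:40 +0000
Received: from customer-pc (dialup.example [203.0.113.5])
\tby relay.backbone.example with SMTP id AAA; Sun, 28 Jun 1998 17:47:01 +0000
From: customer@dialup.example
To: orders@shop.example
Subject: second half of card number

(body omitted)
"""

# "from <sender> ... by <receiver>"; the "from" clause is optional.
HOP = re.compile(r"(?:from\s+(?P<src>\S+).*?)?\bby\s+(?P<by>\S+)", re.S)

def hops(raw):
    """Return [(sender, receiver), ...] in the order the message travelled."""
    msg = message_from_string(raw)
    out = []
    # Each server prepends its header, so the list is newest-first: reverse it.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            out.append((m.group("src") or "?", m.group("by")))
    return out

def servers_holding_copy(raw):
    """Every host that accepted (and therefore stored) the message."""
    return [by for _, by in hops(raw)]

if __name__ == "__main__":
    for n, (src, by) in enumerate(hops(SAMPLE), 1):
        print(f"hop {n}: {src} -> {by}")
```

Only the headers added by servers you control are trustworthy, since earlier ones can be forged by any relay, and the list shows which hosts held the message, not who read it.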