 | |
encrypted e-mails from script/cgi
Website Design comp.infosystems.www.authoring.site-design
 |
| | Thread Tools | Display Modes |
#11
 
| |||
| |||
|
Re: encrypted e-mails from script/cgi -
01-14-2005
, 04:58 PM
|
In article <Xns95DE917498653znzn122eduinvalid (AT) 216 (DOT) 196.97.131>, zn <zn (AT) zn122 (DOT) edu.invalid> wrote: "rf" <rf@.invalid> wrote in news:AeJFd.117916$K7.40059@news- server.bigpond.net.au: "zn" <zn (AT) zn122 (DOT) edu.invalid> wrote "rf" <rf@.invalid> wrote in news:gdEFd.117383$K7.65209 (AT) news-server (DOT) bigpond.net.au: And how usefull would it be to the email client you send it to? You should be using HTTPS and a secure server side process, not email. The server already is configured for https. How do you define secure server side process? Are you referring to having php write to a database? I am now totally lost. You originally talked about sending the data vie email. To quote: "the e-mail sent to my e-mail account" Once again, if you encrypt an email (however you do it) what is the client going to make of it? And, if you are processing it on a server somewhere, why do you *need* to email it anywhere? Perhaps if you re-state exactly what you are doing and intend to do. I have read references to off-the-shelf "commerce servers" that can e- mail encrypted credit card orders for off-line processing in the office using traditional credit card swipe machines. Supposedly, after the consumer places the order, the e-mail is sent to the company and they process the order. At the company, there has to be a way to decrypt the encrypted e-mail message (PGP? or is there another system of sending encrypted e-mail). Basically, I'm trying to find a way to accept a small amount of daily orders over the web at my company. I'd like to do something simple like having a form with a submit button, which when clicked would submit the data to us. We're not far enough along knowlege-wise right now (obviously!) to setup something with online credit card processing. And right now we'd like to avoid stepping into having to setup something MySQL based. Sorry about not being clearer and my earlier hasty response. Thanks. Well, I'd start reading some books. Start with the O'Reilley articles (http://www.ora.com) on e-commerce and security. http://www.oreilly.com/catalog/websec2/index.html might be a good place to start. I suspect the credit card terminals use an encryption scheme that's know to the server with which they connect. The server decodes and processes the transaction and sends the email to the vendor. There's no need to do something like this at all. Your approach of trying to do encrypted email is a case in point--a little knowledge is a getting in the way of solving this business problem. What we did to charge credit cards our site was to start by setting up a merchant account with a clearing house to process credit card transactions. They gave us access to their secure web site to do "virtual terminal" transactions by entering the credit card information by hand from US mail orders. Customers were sent email confirming the charge if they supplied it to us. Using the clearing house's very complete technical specs, we created a form which collects information from the customer from the secure web server offered by our ISP. The form, when the customer submits it, runs a perl script that contacts the clearing house (also using SSL web connection) and submits a form with the various fields filled in collected from the customer's form. The clearing house takes it from there, verifying and emailing the customer (and us) of the transaction. Others have suggested setting up an e-commerce module to do this. That would work as well. The key to the encryption is the SSL server, which is doing the encryption you asked about. You need to revisit your idea of "rolling your own" encrypted email and do this right from the start. If you don't have skills to do that, hire them or delay the project until you can do it yourself. |
great way to go. Do you know the name of a clearing house off the top of
your head?
#12
| |||
| |||
|
|
Michael Vilain <vilain (AT) spamcop (DOT) net> wrote in news:vilain-AFF581.13203514012005 (AT) news (DOT) giganews.com: In article <Xns95DE917498653znzn122eduinvalid (AT) 216 (DOT) 196.97.131>, zn <zn (AT) zn122 (DOT) edu.invalid> wrote: "rf" <rf@.invalid> wrote in news:AeJFd.117916$K7.40059@news- server.bigpond.net.au: "zn" <zn (AT) zn122 (DOT) edu.invalid> wrote "rf" <rf@.invalid> wrote in news:gdEFd.117383$K7.65209 (AT) news-server (DOT) bigpond.net.au: And how usefull would it be to the email client you send it to? You should be using HTTPS and a secure server side process, not email. The server already is configured for https. How do you define secure server side process? Are you referring to having php write to a database? I am now totally lost. You originally talked about sending the data vie email. To quote: "the e-mail sent to my e-mail account" Once again, if you encrypt an email (however you do it) what is the client going to make of it? And, if you are processing it on a server somewhere, why do you *need* to email it anywhere? Perhaps if you re-state exactly what you are doing and intend to do. I have read references to off-the-shelf "commerce servers" that can e- mail encrypted credit card orders for off-line processing in the office using traditional credit card swipe machines. Supposedly, after the consumer places the order, the e-mail is sent to the company and they process the order. At the company, there has to be a way to decrypt the encrypted e-mail message (PGP? or is there another system of sending encrypted e-mail). Basically, I'm trying to find a way to accept a small amount of daily orders over the web at my company. I'd like to do something simple like having a form with a submit button, which when clicked would submit the data to us. We're not far enough along knowlege-wise right now (obviously!) to setup something with online credit card processing. And right now we'd like to avoid stepping into having to setup something MySQL based. Sorry about not being clearer and my earlier hasty response. Thanks. Well, I'd start reading some books. Start with the O'Reilley articles (http://www.ora.com) on e-commerce and security. http://www.oreilly.com/catalog/websec2/index.html might be a good place to start. I suspect the credit card terminals use an encryption scheme that's know to the server with which they connect. The server decodes and processes the transaction and sends the email to the vendor. There's no need to do something like this at all. Your approach of trying to do encrypted email is a case in point--a little knowledge is a getting in the way of solving this business problem. What we did to charge credit cards our site was to start by setting up a merchant account with a clearing house to process credit card transactions. They gave us access to their secure web site to do "virtual terminal" transactions by entering the credit card information by hand from US mail orders. Customers were sent email confirming the charge if they supplied it to us. Using the clearing house's very complete technical specs, we created a form which collects information from the customer from the secure web server offered by our ISP. The form, when the customer submits it, runs a perl script that contacts the clearing house (also using SSL web connection) and submits a form with the various fields filled in collected from the customer's form. The clearing house takes it from there, verifying and emailing the customer (and us) of the transaction. Others have suggested setting up an e-commerce module to do this. That would work as well. The key to the encryption is the SSL server, which is doing the encryption you asked about. You need to revisit your idea of "rolling your own" encrypted email and do this right from the start. If you don't have skills to do that, hire them or delay the project until you can do it yourself. Thanks for all of the details! The clearing house method sounds like a great way to go. Do you know the name of a clearing house off the top of your head? |
I found some info on Google. Here's a link:
http://www.elsop.com/wrc/in_card.htm
#13
| |||
| |||
|
|
In article <Xns95DEAC8E13409znzn122eduinvalid (AT) 216 (DOT) 196.97.131>, zn <zn (AT) zn122 (DOT) edu.invalid> wrote: Michael Vilain <vilain (AT) spamcop (DOT) net> wrote in news:vilain-AFF581.13203514012005 (AT) news (DOT) giganews.com: In article <Xns95DE917498653znzn122eduinvalid (AT) 216 (DOT) 196.97.131>, zn <zn (AT) zn122 (DOT) edu.invalid> wrote: "rf" <rf@.invalid> wrote in news:AeJFd.117916$K7.40059@news- server.bigpond.net.au: "zn" <zn (AT) zn122 (DOT) edu.invalid> wrote "rf" <rf@.invalid> wrote in news:gdEFd.117383$K7.65209 (AT) news-server (DOT) bigpond.net.au: And how usefull would it be to the email client you send it to? You should be using HTTPS and a secure server side process, not email. The server already is configured for https. How do you define secure server side process? Are you referring to having php write to a database? I am now totally lost. You originally talked about sending the data vie email. To quote: "the e-mail sent to my e-mail account" Once again, if you encrypt an email (however you do it) what is the client going to make of it? And, if you are processing it on a server somewhere, why do you *need* to email it anywhere? Perhaps if you re-state exactly what you are doing and intend to do. I have read references to off-the-shelf "commerce servers" that can e- mail encrypted credit card orders for off-line processing in the office using traditional credit card swipe machines. Supposedly, after the consumer places the order, the e-mail is sent to the company and they process the order. At the company, there has to be a way to decrypt the encrypted e-mail message (PGP? or is there another system of sending encrypted e-mail). Basically, I'm trying to find a way to accept a small amount of daily orders over the web at my company. I'd like to do something simple like having a form with a submit button, which when clicked would submit the data to us. We're not far enough along knowlege-wise right now (obviously!) to setup something with online credit card processing. And right now we'd like to avoid stepping into having to setup something MySQL based. Sorry about not being clearer and my earlier hasty response. Thanks. Well, I'd start reading some books. Start with the O'Reilley articles (http://www.ora.com) on e-commerce and security. http://www.oreilly.com/catalog/websec2/index.html might be a good place to start. I suspect the credit card terminals use an encryption scheme that's know to the server with which they connect. The server decodes and processes the transaction and sends the email to the vendor. There's no need to do something like this at all. Your approach of trying to do encrypted email is a case in point--a little knowledge is a getting in the way of solving this business problem. What we did to charge credit cards our site was to start by setting up a merchant account with a clearing house to process credit card transactions. They gave us access to their secure web site to do "virtual terminal" transactions by entering the credit card information by hand from US mail orders. Customers were sent email confirming the charge if they supplied it to us. Using the clearing house's very complete technical specs, we created a form which collects information from the customer from the secure web server offered by our ISP. The form, when the customer submits it, runs a perl script that contacts the clearing house (also using SSL web connection) and submits a form with the various fields filled in collected from the customer's form. The clearing house takes it from there, verifying and emailing the customer (and us) of the transaction. Others have suggested setting up an e-commerce module to do this. That would work as well. The key to the encryption is the SSL server, which is doing the encryption you asked about. You need to revisit your idea of "rolling your own" encrypted email and do this right from the start. If you don't have skills to do that, hire them or delay the project until you can do it yourself. Thanks for all of the details! The clearing house method sounds like a great way to go. Do you know the name of a clearing house off the top of your head? We used http://merchant.authorize.net/ The office manager contacted her bank, I think, and they gave her this reference. Check with your bank to see if they have a vendor they prefer since the clearinghouse is depositing the funds electronically into your bank account. It takes the member banks a couple days to actually do the wire transfer of funds. I suspect this delay or "float" will go away soon from a recent TV News segment in our area. There's a lot of "vetting" or verification that has to happen to set this up. The initial setup cost was $500 plus a percentage of the charges processed through their site. There's other security measures involved that show that this industry has been at it for a long time (relatively). It wasn't until we had problems during a pledge drive that we ran into the clearing house's transaction limits. Because the clearing house is essentially providing a loan of the funds to your bank account, they typically limit the total amount processed per month. It's easily increased with a call to their terrific customer support people. |
directions about how to integrate their software into our webpages. It
all looks relatively easy. I'm hoping that because we already have a
credit card reader through them that it is an easy, and less expensive
than $500, to switch to their online system.
#14
| |||
| |||
|
|
In article <Xns95DE917498653znzn122eduinvalid (AT) 216 (DOT) 196.97.131>, |
[snip]
Quote:
|
Others have suggested setting up an e-commerce module to do this. That would work as well. The key to the encryption is the SSL server, which is doing the encryption you asked about. |
can be already accessed over a https protocoll.
What would I need more to let customers pay even by credit cards?
What does a customer when he or she uses a credit card on the internet?
Does he fill in some data which he could send by an encrypted form (via
SSL)?
How does the database recognize whether the data which are sent this way are
the right one?
What would I need do after receiving these data in order to get the money on
a bank account?
How much does Visa for example charge approximately to process a payment?
--
Luigi ( un italiano che vive in Svezia)
https://www.scaiecat-spa-gigi.com/sv/damskor-italien.php
#15
| |||
| |||
|
|
"Michael Vilain" <vilain (AT) spamcop (DOT) net> skrev i meddelandet news:vilain-AFF581.13203514012005 (AT) news (DOT) giganews.com... In article <Xns95DE917498653znzn122eduinvalid (AT) 216 (DOT) 196.97.131>, [snip] Others have suggested setting up an e-commerce module to do this. That would work as well. The key to the encryption is the SSL server, which is doing the encryption you asked about. The site https://www.scaiecat-spa-gigi.com can be already accessed over a https protocoll. What would I need more to let customers pay even by credit cards? What does a customer when he or she uses a credit card on the internet? |
What does a customer do when he or she uses a credit card on the internet?
Does he fill in some data which he could send by an encrypted form (via
SSL)?
How does the database recognize whether the data which are sent this way
are
the right one?
What would I need do after receiving these data in order to get the money
on
a bank account?
How much does Visa for example charge approximately to process a payment?
--
Luigi ( un italiano che vive in Svezia)
https://www.scaiecat-spa-gigi.com/sv/damskor-italien.php
#16
| |||||||
| |||||||
|
|
In article <j80Gd.14233$d5.119655 (AT) newsb (DOT) telia.net>, "Luigi Donatello Asero" <jaggillarfotboll (AT) telia (DOT) com> wrote: "Luigi Donatello Asero" <jaggillarfotboll (AT) telia (DOT) com> skrev i meddelandet news:M60Gd.14232$d5.119723 (AT) newsb (DOT) telia.net... "Michael Vilain" <vilain (AT) spamcop (DOT) net> skrev i meddelandet news:vilain-AFF581.13203514012005 (AT) news (DOT) giganews.com... In article <Xns95DE917498653znzn122eduinvalid (AT) 216 (DOT) 196.97.131>, [snip] Others have suggested setting up an e-commerce module to do this. That would work as well. The key to the encryption is the SSL server, which is doing the encryption you asked about. The site https://www.scaiecat-spa-gigi.com can be already accessed over a https protocoll. What would I need more to let customers pay even by credit cards? What does a customer when he or she uses a credit card on the internet? What does a customer do when he or she uses a credit card on the internet? Seems like you joined us in the middle of this discussion. |
Yes, but I tried to read what you wrote in the posts which the participants
of this thread wrote lately.
I hope that I am welcome..
Quote:
|
That's totally dependent on the site where they use their card. You question is ambiguous. So I'll give an ambiguous answer. The credit card is either accepted and the charge goes through right then or it's held until the order ships and _then_ the card is charged. Or the card is declined and the user is notified immediately. What happens to accomplish the credit card charge varies with the clearing house that's accepting the charge. |
Given that I already have site which is accessible over https, would I need
a clearing house to accept
a payment by credit cards or would that be only an option?
Could I process payment by credit cards on the website
https://www.scaiecat-spa-gigi.com instead of letting customers pay on the
site of the clearing house as you seem to suggest in your answer?
Quote:
|
Does he fill in some data which he could send by an encrypted form (via SSL)? The user fills in a secure page (via SSL) to collect the data. The web page has to then process the data. This can be either immediate or delayed. What the site does with this data is up to that site. Your question is to general to answer beyond this. |
Could I not get payments directly on the site
https://www.scaiecat-spa-gigi.com instead of making use of a clearing house
as you suggested?
Someone mentioned an e-commerce module to do this.
Quote:
|
How does the database recognize whether the data which are sent this way are the right one? If you mean the database on the site that's collecting the customer's credit card #, the web server/web browser use SSL, which ensures this is accurate. If you mean the clearing house's database, that's their problem, not yours. Why are you worried about it? |
I am not looking at the problem as someone who would pay but as someone who
would get the payment by credit cards
I am building the site https://www.scaiecat-spa-gigi.com myself.
I
Quote:
|
What would I need do after receiving these data in order to get the money on a bank account? You submit the data to a credit card clearing house. They've already done stuff like take a blood sample, have your family "under 24 hour "surveillance", know what color car you drive, and checked your bank accounts. The clearing house does a direct deposit of the funds (minus a transaction fee and monthly service charge) directly into your bank account. |
Do they charge these fees only if the payment is processed through a
clearing house or not?
That's usually immediate if you request it. If there's a
Quote:
|
problem, like a customer complaint or the clearing house finds the card was stolen or there's a problem, they do a charge back against your account and withdraw the money. If there's insufficient funds, they start using the information they gathered about your to "collect" the funds. So be sure to keep sufficient funds in the bank and a close eye on your family. You don't want to be receiving "parts" of one of them in the mail until you've paid up.  [I'm kidding about the ransom andparts--but they _will_ find you unless you "drop off the grid"] How much does Visa for example charge approximately to process a payment? This depends on the clearing house, the volume on the account, and your credit rating. Check with your bank to find the one they use. |
Quote:
|
Some people don't want to have to do this so they use PayPal. Some people think PayPal is evil incarnate and do other things. The trouble is is that if you want to charge credit cards, you have to do something like this. There's no legal way around it, AFAIK. |
What does "AFAIK" mean?
--
Luigi ( un italiano che vive in Svezia)
https://www.scaiecat-spa-gigi.com/sv/temperaturer-pa-sicilien.php
#17
| |||
| |||
|
|
In article <FT5Gd.127658$dP1.458635 (AT) newsc (DOT) telia.net>, "Luigi Donatello Asero" <jaggillarfotboll (AT) telia (DOT) com> wrote: |
[Snip]
Quote:
|
Seems like you joined us in the middle of this discussion. Yes, but I tried to read what you wrote in the posts which the participants of this thread wrote lately. I hope that I am welcome.. No problem. Come on in. The water's fine. That's totally dependent on the site where they use their card. You question is ambiguous. So I'll give an ambiguous answer. The credit card is either accepted and the charge goes through right then or it's held until the order ships and _then_ the card is charged. Or the card is declined and the user is notified immediately. What happens to accomplish the credit card charge varies with the clearing house that's accepting the charge. Given that I already have site which is accessible over https, would I need a clearing house to accept a payment by credit cards or would that be only an option? Could I process payment by credit cards on the website https://www.scaiecat-spa-gigi.com instead of letting customers pay on the site of the clearing house as you seem to suggest in your answer? Yes. You need a credit card clearing house setup to bill credit cards. Many don't want to do this, so they use PayPal or it's EU equivalent. |
Well, I suppose that the best thing would be to offer so many good payment
alternatives as possible.
Quote:
|
Then the process involves the customer "sending" you money via PayPal an and you "receiving" it. You need to have a verified merchant account if the volume is over a certain amount per month and PayPal takes some "off the top" as they make the funds available to you immediately like the clearing house. They also have direct access to your bank account. Could I not get payments directly on the site https://www.scaiecat-spa-gigi.com instead of making use of a clearing house as you suggested? Someone mentioned an e-commerce module to do this. Since you have to deal with banks who tend not to trust people very much, I would tend to doubt it. If you manage to find a bank that will process your transactions without a clearing house, they probably won't deposit the funds immediately and require a 10-14 day "hold" period on the deposit just like a cheque/check. |
by cash on delivery. If a customer should pay to me with this system, I
would do not get the money at once either...
I assume that banks want to be sure that the customer really wants to buy a
certain article before they pay. What about signing contracts online by
using the so-called qualified electronic signatures or any kind of
electronic identity card?
They could write the number of this card on a form which is encrypted and
sent to a database over https couldnīt they?
The form could also be sent to the bank so that it could see that the
customer wants to buy a certain article.
This method could be interesting if the customer wanted to to buy a program
to download for example or a password and he or she did not have any chance
of paying online. In Sweden you can also send payment orders online. How is
that in other countries?
--
Luigi ( un italiano che vive in Svezia)
https://www.scaiecat-spa-gigi.com/de/damenschuhe-italien.html
#18
| |||||||
| |||||||
|
|
In article <OwlGd.14357$d5.120570 (AT) newsb (DOT) telia.net>, "Luigi Donatello Asero" <jaggillarfotboll (AT) telia (DOT) com> wrote: "Michael Vilain" <vilain (AT) spamcop (DOT) net> skrev i meddelandet news:vilain-DDDF6B.12144715012005 (AT) news (DOT) giganews.com... In article <FT5Gd.127658$dP1.458635 (AT) newsc (DOT) telia.net>, "Luigi Donatello Asero" <jaggillarfotboll (AT) telia (DOT) com> wrote: [Snip] I already offer customers the chance of paying a ware, for example shoes, by cash on delivery. If a customer should pay to me with this system, I would do not get the money at once either... I assume that banks want to be sure that the customer really wants to buy a certain article before they pay. What about signing contracts online by using the so-called qualified electronic signatures or any kind of electronic identity card? They could write the number of this card on a form which is encrypted and sent to a database over https couldnīt they? The form could also be sent to the bank so that it could see that the customer wants to buy a certain article. This method could be interesting if the customer wanted to to buy a program to download for example or a password and he or she did not have any chance of paying online. In Sweden you can also send payment orders online. How is that in other countries? I personally would be suspicious of a site that didn't accept my credit card, allowing me to "charge it back" if I'm dissatisfied by the service rendered. |
I am considering to offer it as one of the alternative way of payments in
the future
I personally do not like sites which offer only accept credit cards as
payment system....
I
Quote:
|
This is one reason I'm leery of PayPal. |
and you were suggesting to use it because not everyone likes
paying by credit cards.
You're proposing
Quote:
|
something that probably won't go over very well here in the U.S. |
I do not know enough about the legislation in that country and
a general rule says that the law of the country where consumers come from
is the one to be applied when you sell on the internet.
I am interested in market in the EU, instead, so far, however, not to all
countries in the EU either, due to lack of knowledge of the national
legislations in this field.
Quote:
|
Whether it's workable in the EU is your gamble. Just because someone signed a contract and then breaks it, what are you going to do? Sue them? If they're in the U.S., that would be a problem of jurisdiction. I think money is the only thing that will "talk" here, but what do I know. |
accept to process credit cards or other forms of payment without a delay of
14 days without the use of a clearing house and to prevent you to get in
trouble in case the customer should deny that he or she wants to buy the
ware or the service which you charged him or her for.
Quote:
|
You're going totally outside the banking system and really on your own. |
alternatives. E-commerce has not developed yet, so much at least in the EU.
By comparison, one might count the number of little firms which sell online
and the ones which sell in the traditional way in the EU and in the USA. Do
you have any figures about that?
Quote:
|
I'd read up on network security to setup this sort of system or hire someone to do it for you. |
Do you know titles of books or adresses of websites which deal with these
subjects, which you would recommend?
( they may be in many languages but preferably in english, or italian or
swedish or german because I know these languages better than other ones at
present)
I can suggest to visit the website http://www.ebusinesslex.net
to everyone who is interested in e-commerce in the EU.
Quote:
|
Good luck with your venture and however you decide to set it up. |
Thank you. The same to you.
--
Luigi ( un italiano che vive in Svezia)
https://www.scaiecat-spa-gigi.com/de/damenschuhe-italien.html
#19
| |||
| |||
|
|
"Michael Vilain" <vilain (AT) spamcop (DOT) net> skrev i meddelandet news:vilain-B7744F.23112015012005 (AT) news (DOT) giganews.com... In article <OwlGd.14357$d5.120570 (AT) newsb (DOT) telia.net>, "Luigi Donatello Asero" <jaggillarfotboll (AT) telia (DOT) com> wrote: "Michael Vilain" <vilain (AT) spamcop (DOT) net> skrev i meddelandet news:vilain-DDDF6B.12144715012005 (AT) news (DOT) giganews.com... In article <FT5Gd.127658$dP1.458635 (AT) newsc (DOT) telia.net>, "Luigi Donatello Asero" <jaggillarfotboll (AT) telia (DOT) com> wrote: |
Quote:
|
I personally would be suspicious of a site that didn't accept my credit card, allowing me to "charge it back" if I'm dissatisfied by the service rendered. |
I am not offering customers to pay by credit cards at the moment.
I am considering to offer it as one of the alternative way of payments in
the future
I personally do not like sites which only accept credit cards as
payment system....
--
Luigi ( un italiano che vive in Svezia)
https://www.scaiecat-spa-gigi.com/de/damenschuhe-italien.html
#20
| |||
| |||
|
|
"Michael Vilain" <vilain (AT) spamcop (DOT) net> skrev i meddelandet news:vilain-B7744F.23112015012005 (AT) news (DOT) giganews.com... You're going totally outside the banking system and really on your own. I am trying to do something different: I am trying to show different alternatives. E-commerce has not developed yet, so much at least in the EU. |
You have to be careful with this, there are a number of regulations in
place which you would have to comply with. Even if you come up with a
technically viable solution you might find yourself stymied if you
cannot find one that fulfils the rules and regulations of the financial
services industry.
If you have a merchant account I suggest you speak with the people with
whom you have the account to discuss what approach they are going to be
happy with. Then you can look at technical options for that approach.
--
Nic
|
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.