Credit Card
How safe is it to have credit card details emailed in a form and then processed manually?
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Credit Card
spartan7 wrote: How safe is it to have credit card details emailed in a form and then processed manually?
I would guess that it is probably illegal in most places to do that or would also probably be in violation of the credit card's rules.
(#10850)
- Buddha443556
- Forum Regular
- Posts: 873
- Joined: Fri Mar 19, 2004 1:51 pm
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
- akimm
- Forum Contributor
- Posts: 460
- Joined: Thu Apr 27, 2006 10:50 am
- Location: Ypsilanti Michigan, formally Clipsburgh
Ok, maybe I don't know what I'm talking about, but I can say a few things I think are helpful 
1) use POST not GET in any instance of important info exchange.
2) if you use sendmail or mail() there are many problems, use something like swiftmailer.
3) this is where I speculate, bear with me, but why not use serialize() so the data is not *normally* human readable (I use asterisks on normally, because I wonder if a few geniuses on this site can read binary, hehe).
I hope this was helpful.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
akimm wrote: 1) use POST not GET in any instance of important info exchange.
This is what we call security through obscurity, which in fact is not security at all. POST content can be sniffed just as easily as GET content.
akimm wrote: 3) this is where I speculate, bear with me, but why not use serialize() so the data is not *normally* human readable (I use asterisks on normally, because I wonder if a few geniuses on this site can read binary, hehe).
Once again, a simple unserialize will retrieve the original data. Not safe.
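The point made in the reply above, as an added example that is not part of the original thread: a simple card-number scanner of the kind a mail filter might run finds the number in both a serialize() string and a POST body, because neither is encrypted. The form fields and the helpers `luhn_ok` and `find_card_numbers` are hypothetical, and 4111 1111 1111 1111 is a standard test number, not a real card.

```php
<?php
// Constructed sample form data; the card number is a well-known test value.
$form = ['name' => 'Test User', 'cc' => '4111 1111 1111 1111', 'exp' => '12/30'];

// Luhn checksum, which valid payment card numbers satisfy.
function luhn_ok(string $digits): bool {
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Return every 13-19 digit run (spaces or dashes allowed) that passes Luhn.
function find_card_numbers(string $text): array {
    preg_match_all('/(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)/', $text, $m);
    $hits = [];
    foreach ($m[0] as $candidate) {
        $digits = preg_replace('/\D/', '', $candidate);
        if (luhn_ok($digits)) {
            $hits[] = $digits;
        }
    }
    return $hits;
}

$serialized = serialize($form);         // an encoding, not encryption
$post_body  = http_build_query($form);  // what a POST carries over plain HTTP

echo $serialized, "\n";
echo $post_body, "\n";

// Anyone holding the string can reverse it without any key.
var_dump(unserialize($serialized, ['allowed_classes' => false]) === $form);

// The scanner finds the card number in both representations.
var_dump(find_card_numbers($serialized));
var_dump(find_card_numbers(urldecode($post_body)));
```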
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
I don't see any uncertainty - sending a CC number by email is simply not done. So don't do it. If someone wants your credit card number for a regular service payment they should have a self or 3rd party service under SSL - not email. If it's a once off payment between parties you should consider exchanging payment through Paypal.