Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Secure Email Order System?

Status
Not open for further replies.
Baldwin238

Baldwin238

Technical User
Joined
Feb 23, 2005
Messages
68
Location
US
Question. If I want to set up an email based order system (via a form) what is the best and most secure way to handle it? (ex...The person I want to set up the site for, wants people to order items via filling out a form and then it will be emailed to the seller. In this form, they will enter all customer info, item desired and credit card info) Once the seller receives the info, he will process it at his actual store.
I want this to be secure for the customer though. Any help or a nudge in the correct direction would be appreciated. Thanks in advance.
 
Sort by date Sort by votes
Will the mail and the website be hosted on the same server?

If so a SSL connection to the users POP3 box is about as good as it can for this application.

I would suggest securely processing the orders online rather than sending the information via email for offline processing though.

There are alot more liabilities in handling orders that way versus processing it entirely online or at least keeping the users information in a secure location online to be reviewed manually. Imagine if a virus threat or spyware application farmed the users email box and forwarded out a customers identity/payment information?

In addition, there are new rules coming up from Visa/Mastercard regarding the storage of customer payment information. My suggestion has always been that unless you have a recurring need to bill someone, delete their payment information promptly from your database.

If you need a decent cart system, that has served me well, we have been mostly happy with the product from They are slow to respond to custom development request even after you pay them a deposit though - watch that part.. The product itself is fairly sound though and reasonably priced. There are other solutions out there to such as OScommerce - its open source! You can't beat the price :). Used with the right payment processing gateway and a policy to remove customers payment information (not sure if you can automated that or not) after a predefined time & properly setup hosting account it can do a great job as well.

I don't claim to be an ecommerce expert, but.. I hope that helps.

Thanks.
 
Upvote 0 Downvote
if you do plan on hosting your own...you need to invest in public certificates (like you will need for SSL), and set up a CA if you want to secure transactions back to SQL or what have you. that opens your options way up.

either way, talk them into a good budget to cover everything

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question Question
Help Please, Trying to Convince Company Mixing Personal and Corporate Email is Bad Practice
Replies
9
Views
1K
DrB0b
DrB0b
maybeimaleo
  • Locked
  • Question Question
AirWatch Secure Email Gateway
Replies
2
Views
393
maybeimaleo
maybeimaleo
Areyouforreal
  • Locked
  • Question Question
System Tool Removeal
Replies
1
Views
252
iolair
iolair
bflowers
  • Locked
  • Question Question
Keri Door Systems Controller Communication with Doors Program
Replies
1
Views
448
bflowers
bflowers
felix58
  • Locked
  • Question Question
proper programming of a new dsc security system using the keypad
Replies
0
Views
294
felix58
felix58

Part and Inventory Search

Sponsor

Back
Top