Accepting Credit Card payments in FP w/SSL

[Michelle]

I have a Website designed in FP 2003 which has SSL encryption for users
making purchases Online with credit cards. When they click on submit, they
get a confirmation page and the information, including the credit card
number, is emailed to my inbox.

However, I have had complaints because the "credit card numbers" display on
the confirmation page instead of asterisks (as in: **** **** **** 1234).

Is there a way for the correct credit card information to forward to my
inbox, but display the asterisks on the confirmation page? If so, please
explain the process or HTML in clear detail.

 

[Kevin Spencer]

Hi Michelle,

You have more problems than you realize:

When they click on submit, they
get a confirmation page and the information, including the credit card
number, is emailed to my inbox.

What's the point of encrypting the HTTP transmission when you send their
Credit Card number in clear text via email? Encryption prevents packet
sniffers from being able to read the message as it travels to and from the
browser. But unless you encrypt the email, packet sniffers can sniff your
emails.

Now to your main problem: The Credit Card number displaying on the page is
indeed a security risk, especially since the Temporary Internet Files folder
on the client retains a copy of the page.

As to how to fix it, well, it depends on how the form and form handler work
in the first place. Believe it or not, there are many types of server-side
form handler apps. What can you tell us about yours?

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
What You Seek Is What You Get.