Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Secure Email Order System?

Status
Not open for further replies.
Baldwin238

Baldwin238

Technical User
Feb 23, 2005
68
US
Question. If I want to set up an email based order system (via a form) what is the best and most secure way to handle it? (ex...The person I want to set up the site for, wants people to order items via filling out a form and then it will be emailed to the seller. In this form, they will enter all customer info, item desired and credit card info) Once the seller receives the info, he will process it at his actual store.
I want this to be secure for the customer though. Any help or a nudge in the correct direction would be appreciated. Thanks in advance.
 
Sort by date Sort by votes
Will the mail and the website be hosted on the same server?

If so a SSL connection to the users POP3 box is about as good as it can for this application.

I would suggest securely processing the orders online rather than sending the information via email for offline processing though.

There are alot more liabilities in handling orders that way versus processing it entirely online or at least keeping the users information in a secure location online to be reviewed manually. Imagine if a virus threat or spyware application farmed the users email box and forwarded out a customers identity/payment information?

In addition, there are new rules coming up from Visa/Mastercard regarding the storage of customer payment information. My suggestion has always been that unless you have a recurring need to bill someone, delete their payment information promptly from your database.

If you need a decent cart system, that has served me well, we have been mostly happy with the product from They are slow to respond to custom development request even after you pay them a deposit though - watch that part.. The product itself is fairly sound though and reasonably priced. There are other solutions out there to such as OScommerce - its open source! You can't beat the price :). Used with the right payment processing gateway and a policy to remove customers payment information (not sure if you can automated that or not) after a predefined time & properly setup hosting account it can do a great job as well.

I don't claim to be an ecommerce expert, but.. I hope that helps.

Thanks.
 
Upvote 0 Downvote
if you do plan on hosting your own...you need to invest in public certificates (like you will need for SSL), and set up a CA if you want to secure transactions back to SQL or what have you. that opens your options way up.

either way, talk them into a good budget to cover everything

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Help Please, Trying to Convince Company Mixing Personal and Corporate Email is Bad Practice
Replies
9
Views
570
DrB0b
DrB0b
maybeimaleo
  • Locked
  • Question
AirWatch Secure Email Gateway
Replies
2
Views
98
maybeimaleo
maybeimaleo
Areyouforreal
  • Locked
  • Question
System Tool Removeal 1
Replies
1
Views
83
iolair
iolair
bflowers
  • Locked
  • Question
Keri Door Systems Controller Communication with Doors Program
Replies
1
Views
93
bflowers
bflowers
felix58
  • Locked
  • Question
proper programming of a new dsc security system using the keypad
Replies
0
Views
71
felix58
felix58

Part and Inventory Search

Sponsor

Back
Top