|
| |
|
|
Jego
Posts: 551
From: Near Brampton, Ontario, Canada
Status: offline
 |
Free Shopping Carts - how secure is secure? - 1/4/2002 22:51:25
Newbie to this e-commerce stuff and yes, I've done my searches on the Forum (like a good little Outfronter) and read all I could. I have a question though... in a free shopping cart (ie: [url]www.mals-e.com[/url], or any for that matter...how can you TRUST that it's not some fly-by-night company that sets up and then grabs credit card info?
How does a secure server work I guess is what I'm asking. And please, speak slowly...rank amateur here.
I've learned in life that you never get anything for free, but we still "try". I, quite handily (pats self on back!), set up a cart to accept credit cards. Even modified one to make it do what it's kind of not designed for (pats self on back harder!) It went so well that I'm now wondering what the "catch" is and why don't more people go "free".
Server dudes? It must be possible to get the info off a secure server if you own it, right? IS there a security issue? Am I being paranoid or just cheap? Is this one of these things where you should be checking out the credentials of suppliers?
Jego "Wondering in Ontario; whilst still patting self on back" (and that's hard to do; kind of like rubbing your stomach and patting your head at the same time 
|
|
|
|
Thomas Brunt
Posts: 6109
Joined: 6/6/1998
From: St. Matthews SC USA
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/5/2002 11:26:41
I'm not fully qualified to answer this, but I may be able to shed some light.
The shopping cart isn't really the security issue. It's just a database of your products and your customers but not their cc information.
A secure server is one that has a security certificate. That enables a sys admin to create diretories in which the form data that gets submitted is encrypted.
Versign's primary business is selling these server certificates. Of course they're into all kinds of things now.
Many shopping carts (including the one OutFront uses) can do all of their work without even worrying about the security issue because the carts send the user to a secure form on a cc authorization company's site when it's time to enter cc info. That secure form takes the customer back to your site when the transaction is finished.
I'm not sure that I can highly recommend authorizenet, but that's the company that I have my merchant account with. I think we will switch to Verisign soon. Yes, they do merchant accounts too.
Some shopping carts like StoreFront, require you to have a ssl (secure sockets layer) directory yourself. Most hosts can set that up for you quickly. This is useful if you care to design the cc processing form or if you want to add some functionality to it. If you're happy with a plain vanilla form then I think this is extra hassle that you don't need.
I've heard good things about Mals. I'm sure that security is not something you need to worry about as long as you're using a good Internet Merchant account and the purchase process eventually takes you to a ssl form for entering cc info, whether that secure form be on your site or on your Merchant Account company's site.
t
| |
|
|
|
Thomas Brunt
Posts: 6109
Joined: 6/6/1998
From: St. Matthews SC USA
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/5/2002 11:32:13
One last thought. It's always possible to steal cc info -- just harder with a secure form.
But I never hesitate to give my cc to a waiter that I've never met. There is a chance the waiter will copy my info and either sell it or use it. It's way easier to do that then it is to decrypt secure information on the Internet.
t
| |
|
|
|
Jego
Posts: 551
From: Near Brampton, Ontario, Canada
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/5/2002 20:32:56
Great Tom...thanks....oh boy, I'm trying to get my brain around all of this (unfortunately I think too many eggnogs over Christmas have clogged up the brain arteries).
I AM learning a few things though (I think)....for one thing, I reread this interesting thread http://66.155.126.102/topic.asp?TOPIC_ID=8928 and this time around, combining your info and my recent shopping cart mucking around....it actually made much more sense.
One thing I learned, and I WILL admit it here even though it's embarrassing....uh, I didn't realize that "VeriSign" sold "certificates"......I thought they were like a payment processing thing. See...that didn't hurt me too badly (blushes fiercely). And wow...it sure costs a lot to install your own! Ouch.
Please, correct me where I go astray in the following:
** I must work on the terminology.....I understand that the shopping cart is really nothing except forms etc., and that the important part is the secure page where cc info is entered. Because I can accept credit cards manually, I don't need it to go to a payment processor, I need to be able to access the cc # which is stored on a secure server. In this case, I am using/borrowing/whatever mals-e's secure server, right? Therefore, I am trusting that they have the proper certificates. Is this not a very bright thing to do? Because it is a third party am I just assuming they're nice people and wouldn't possibly do anything with the cc info? (mals-e is an example; I am not knocking them...just trying to get my head around this). (I have to sign-in to a secure page to get the cc info...but this is still obviously through mals-e).
** If it is this easy.....to *use* someone else's secure server, then why do people go to the trouble and expense of on-line cc processing (IF they don't have scads and scads of sales per day). Wouldn't it be more cost-effective for those just starting out to just accept cards manually with a merchant account from their bank and use this kind of freebie secure page? Remember, I'm just walking through this and I'm waiting for people to jump all over my assumptions, so please go ahead...it's the only way I'm going to understand the whole process.)
***************************
btw...this is one of the pages I was working on; http://www.doanesupply.com/shopping/minimall_manuals.htm Use cc # 4111 1111 1111 1111 to make a purchase if you want to see the secure page.
Love the analogy about the waiter, Tom...you're so right...how many times do we just hand perfect strangers our credit cards and watch them go away with it? Hmmmmm.....could make one paranoid.
I'm going away now....my brain hurts.
Jego
| |
|
|
|
Bluey Zee
Posts: 105
From: Rutherglen Vic Australia
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/6/2002 1:31:57
Jego,
I'm a bit with you on this one -
quote:
why do people go to the trouble and expense of on-line cc processing (IF they don't have scads and scads of sales per day). Wouldn't it be more cost-effective for those just starting out to just accept cards manually with a merchant account from their bank and use this kind of freebie secure page?
Thomas makes a very valid point with the waiter example and it has never ceased to puzzle me as to why we go to such lengths to secure cc details on one hand with secure servers and such yet we give them away freely on the other e.g restaurants, phone purchases, etc.
I won't deny that the more secure we can make these transactions, then the better it will be for all of us end users but it's a bit like the bucket - if there are a few leaks in the sides then it won't matter how strong the handle is or how well reinforced the bottom is - it will still leak and until those leaks are permanently fixed then that bucket ain't gonna be trusted to carry too much water.
Cheers,
Jim
| |
|
|
|
Thomas Brunt
Posts: 6109
Joined: 6/6/1998
From: St. Matthews SC USA
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/6/2002 10:55:49
Regardless of what shopping cart you use, you will still need a Merchant Account. The secure admin section for your merchant account is where the cc info is stored.
I started out without a shopping cart, and just used a buy button hooked up to my merchant account -- a few lines of form code that the merchant account company provides. That worked very well when I only had a handful of products. I was able to jump in and get started in practically no time.
Once the site was clearly succeeding at selling the products then it was clearly time to work on the purchase process. That meant installing a shopping cart.
It depends upon your situation whether you need your own ssl directory or not. I don't need one. I'm happy using the plain vanilla form on the authorizenet server, but I'm not as concerned as others may be about the look and the functionality of that form.
btw, Your host needs to purchase only 1 certificate per secure server. I believe that many hosts have one or a few separate servers that house all of their secure directories. It feels like you're staying on the same site, but you're really going somewhere else even when you have your own ssl directory.
t
| |
|
|
|
Smitty
Posts: 221
From: Anaheim, Ca. USA
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/6/2002 11:19:20
Now for the good news.
I recently bought a SSL cert from geotrust.com they bought the rights from equifax. IT's only $99.00 a year and I had it back in my hands about 20 minutes after I asked for one. It doesn't make the server secure it only makes the transaction in transmission secure. That's what I've been told.
Smitty
John A. Smith sorryiforgot.com hairschool.org
If you have to ask "Who's the man?" Your probaly not him.
| |
|
|
|
Thomas Brunt
Posts: 6109
Joined: 6/6/1998
From: St. Matthews SC USA
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/9/2002 9:03:42
The certificate allows for the encryption of the information that gets sent to the cc authorization company.
t
| |
|
|
|
adambrooks
Posts: 145
Joined: 1/8/2002
From: Charlotte / Matthews NC USA
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/9/2002 9:39:15
I ahve used Mal's for about 2 and a half years. I have also setup a few clients on it. I would never had setup another client on it if I didn't feel completely confident in the service.
The cart is secure. All credit card info is passed via SSL with a thawte certificate. I do, however, recommend that if you like the service - upgrade your accoutn to premium and pay for it. Business have to make money and if nothign else, you save money and time by not having to upgrade the cart.
| |
|
|
|
xterradane
Posts: 143
From: Mobile, AL USA
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/9/2002 13:06:42
Check out www.paypal.com. They have a good way to accept credit card through them. It's free other than the normal fees the CC companies charge anyway. It's secure and set up very well. The only draw back it that people who are getting your product/service has to sign up as a free member with them. However, they are the one of the primary ways people on e-bay do transactions. So, many people already have accounts with them. One cool thing also is that they do subscriptions as well!
Gail
| |
|
|
|
Jego
Posts: 551
From: Near Brampton, Ontario, Canada
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/9/2002 14:31:00
Thanks to all for your comments...and a HUGE thank you to Gil who spent far too much of his time with me trying to get my head around it.
I really got tripped up on the terminology. One of my accounts is a "merchant account", which allows me to deposit Visa payments manually; this is the ONLY thing I can do with this account besides transfer the $$$ out into a business account; also, and this is important, we have authorization to deposit "User-Absent" Visa payments; where the customer has not signed the slip in person (i.e. over the phone or ini the case now, over the internet). This particular authorization (according to my hours of reading on the subject) can be difficult to get. If I did not have an account with this authorization I would not be able to use the mals-e CC processing, as I would need to have an actual card & signature for each sale. So you see... Tom was telling me I had to have a Merchant Account and I was thinking "I have one", but I didn't have the one that he was talking about and I'd have to have a different "Merchant Account" which wouldn't deposit into MY "Merchant Account" but rather into my Business Account....blah, blah, blah. Phew! Jego very confused.
I also did not realize (thanks to Gil's enlightenment & the fact that it was so many years ago that we set one up) that getting an actual CC Merchant Account for a new business/small business is not the easiest nor an inexpensive thing to obtain. I thought it strange that people would pay lots of money to get something that I was *thinking* anybody with a Visa Merchant Account could get for free. i.e. mals-e and their secure CC area.
In my particular case, it looks like the mals-e solution is PERFECT. (I'm happy :)) We also have a low volume of credit card purchases so doing it manually is not a great waste of time. If we had hundreds a day this wouldn't work. Well, it would, but you'd have to hire somebody to write out all the slips and then you might as well pay to have an Internet Merchant Account instead.
F.Y.I. - Paypal has its drawbacks for anybody not in the U.S. A Canadian signing up for Paypal (ie. to pay someone), has to wait for their Visa statement to activate their account; there is a code printed beside a small charge on your bill. For people who don't access their Visa accounts on the internet, waiting for the paper statement could realistically take 28 days or so. That would obviously apply internationally as well.
Ah, it feels good when the lights start to come on....was getting slightly worried that the "power shortage" was permanent!
Jego
Edited by - Jego on 01/09/2002 14:38:03
Edited by - Jego on 01/09/2002 14:38:49
| |
|
|
|
wchurch
Posts: 3
From: Glendale, AZ USA
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/9/2002 19:30:03
I too am very new to ecommerce and am taking some college courses to try to figure this out. But in the meantime I wanted some cash flow. I discovered a service called paypal that lets you do Mastercard and Visa with no big fees and very little programming. I even put it on a commercial page that I manage and you are welcome to look at it. The web site is www.paypal.com and the commercial site is www.iahss.org and go to the IAHSS Mall.
Wayne C. Church, CPP
Certified Protection Professional
| |
|
|
|
abbeyvet
Posts: 5095
From: Kilkenny Ireland
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/9/2002 19:40:18
quote:
Paypal has its drawbacks for anybody not in the U.S. A Canadian signing up for Paypal (ie. to pay someone), has to wait for their Visa statement to activate their account; there is a code printed beside a small charge on your bill. For people who don't access their Visa accounts on the internet, waiting for the paper statement could realistically take 28 days or so. That would obviously apply internationally as well.
Even bigger drawback when you if you are not in US, Canada, UK or Australia is that if you accept payment via PayPal you cannot get paid!! There is NO way to get the money from your PayPal account to you - all you can do with it is spend it online with people who accept PayPal.
Not terribly useful if you are not in one of those countries!
Katherine
++++++++++++++++++++++++
www.inkkdesign.com
"Dogs have owners, cats have staff"
Meeeooow!
| |
|
|
|
--jackie
Posts: 28
Joined: 1/8/2002
From: Indiana USA
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/13/2002 17:09:29
Thanks Jego. I've printed out the posts and now I'll take some time to digest them! Hopefully, my question will be answered.
--jackie
| |
|
|
|
Gil
Posts: 7533
From: North Carolina, USA
Status: offline
|
RE: Free Shopping Carts - how secure is secure? - 1/13/2002 18:10:02
You also may want to check with your hosting company, some have "specials" for their clients. We offer a free Authorize.net account with the following fees for our ecommerce customers:
Visa/Mastercard 2.39 %
Transaction Fee .35 cents
Monthly Service Fee $12.00
American Express “$5.00 per month”
Discover Card 2.44%
Authorize Net Real-time Processing
Monthly Gateway Fee $25.00
Gil Harvey
The Host Factory
Resellers are our Specialty
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
