* Home
* FrontPage Hosting
* mySQL Hosting
* Dedicated Servers
* Managed Services
* Domain Parking

Direct Email Marketing with Constant Contact

Search our FrontPage Support Area
FrontPage Support Area Site Map

The following are answers to common questions in the Microsoft FrontPage Client Newsgroup:

Electronic Commerce - Security issues

Merchants can have the results of on-line orders processed in several ways:

  • Sent to them via email
  • Stored on the server
  • Sent to an on-line credit card processing company

Security Issues --- Orders sent via email

  1. FrontPage offers no encryption or other technology for sending encrypted email.
  2. Not all store front and shopping cart software offer the option to send encrypted email.

Unless the email is encrypted (on the server) prior to being sent, the email will travel through potentially hundreds of servers and be accessible on all of them.

The Microsoft Anti-Trust law suit has proven that email, no matter how old, can be retrieved from various servers.

So it is crucial, if the merchant chooses to have the order results handled via email, the email be encrypted using technology like PGP.

There are many development companies -- we are one such company -- which have the programming staff and experience to enable this technology for merchants.

See How to use PGP to send encrypted email if you want to tackle the process yourself.

Security Issues --- Orders stored on the server

  1. Make sure the directory where the file(s) are stored is password protected.
  2. Make sure the password for this directory is changed often.
  3. Make sure the order information is not kept on the server for long periods of time.
  4. If the order information is stored on a database on the server, make sure the billing information has been encrypted.

We have seen several cases where the merchant stores the order information in a publicly accessible part on the server where anyone can browse the file.

It is crucial that all information be kept on the server only as long as necessary and in a password protected area.  If the information will be kept on the server for a long time, then the information should be encrypted.

Security Issues --- Orders sent to an on-line credit card processing company

This is often the most secure way to handle on-line orders as you, the merchant, never receive the actual credit card number and the monies are automatically deposited to the merchant account.

Note:  Just as care and planning should be taken when establishing a merchant account, care and planning should be taken when picking an on-line credit card processing company.

Dynamic Net, Inc. has worked with several companies, and we are willing to share our experiences with you if you ask.

Security Issues --- Digital ID

Personally, and as a company, we spend a large amount of money on-line, and will not ever shop at a place that does not use SSL with their own digital id.

As an outside instructor at a local college for several Internet courses, I often ask students their on-line shopping habits, and I've yet to encounter one that will shop at an on-line business that does not use SSL (though they are not often as picky in terms of the site having their own digital id).

Importance of not using a shared id:

Some hosting companies will outright take on the liability of offering to share their ID (yes, there is a huge liability issue here) with their customers in terms of reducing the investment to do business on-line.

While the pro is often reduced cost to the on-line business, the cons are many:

  • Company owning the digital id is responsible for any and all fraud committed against the id or any site sharing the id when such fraud involves the id / SSL.
  • The owner of the digital id may not have any policies against sharing the id with companies in the adult industry or other industries where there are huge amounts of credit card fraud.
  • A digital id on the server is one part of a two part key to encrypt the data. When sharing a digital id, how many companies have a copy of this one-part of the key?

Some hosting companies put up to 2,000 domains on one server (HiWay is but one example of such a company, and also a company that accepts companies in the adult industry). If but 10% of them are sharing the id, then you have 200 people with a key to the shop (so to speak). Not very secure.

-- Peter Abraham

Direct Email Marketing with Constant Contact

Dynamic Net, Inc.

Legal Notices; Copyright © 1996 - 2006 Dynamic Net™, Inc. All rights reserved.
See our privacy statement for questions on how we use information gained by our site.
Managed Services provided by We Manage Servers; hosted by Dynamic Net, Inc.
Last updated: Thursday November 16, 2006 18:22 -0500