Best way to encrypt emails?

marque

Hi all,

The problem with having credit card numbers emailed to you from a ssl secured web site is that it is secure when the email gets sent to your inbox, but it is not secure while it is sitting on the server waiting to be downloaded.

I need a way to encrypt (or the content within) the email so that i may feel safe my customers credit card details remain un-compromised.

I'm sure this problem has been addressed many times, but can anyone point me in the right direction.

I thought about PGP and that is probably the best solution, but i need a tutorial on how to install and compile into PHP.

Thanks.

daphreeek

I think you should look at other options because even the best encryption can be decrypted by someone with a bit of time, effort and knowledge. And I'm sure for a few credit card numbers - someone would want to put in those 3 components. I'm sure you're customers wouldn't be to pleased about it.

You can actually use services (paid I believe - don't know much bout them) which you send the transaction (eg: your user id, customers credit card number, and an amount) to another company which immediately processes the request and then the credit card number is not stored at all. And its all secure.

I think investigating this furthur is a much better way than storing credit card numbers - no matter how encrypted they are.

Matt

marque

Great advice!

I currently have a manual system, that i process the cards by hand 🙁 not the ideal way of doing things.

I did a search and found a company that provides a gateway for this. And they supply the php aswell!

cjliu42

I have been looking into a similar problem, encrypting the data with the use of PGP. A good article can be found from www.webmonkey.com, from the security section. I am fairly new at this too, can I be correct to assume sending the PGP data through email is secure?

Colin

liquidchild

I would just add at this point that will the suggestion of processing card details straight away is a good idea, there are encryption algorithms out there that are at present unbreakable!
For example there are one-time pad encryptions, take a look at:
http://www.aspheute.com/english/20010924.asp

Also there a key encryptions where the length of the key determines the ease of breaking the algorithm. I think that a key of 512 ensures security in todays world. This algorithm can in theory be broken using a variety of techniques such as known cipher or known text attachs or by attempting all possible keys (brute force), however using a key of length 512 means a silly amount of time would be required based on the most powerful machines on the consumer market today, unless quantum computing exsits in which case they would be broke in a day!