Are email encription technologies (such as PGP or GPG) REALLY necessary????

Davidc316

Let's say you have a shopping cart and the entire checkout page (which collects customer credit card details amongst other things) is stored securely on SSL.

Let's also assume that the when a customer hits submit on the checkout form, an email is immediately sent to the shop admin guy. The email would contain all the details that had been submitted from the checkout (credit card info, customer addresss, order details etc).

QUESTION- is that secure???

I keep reading about PGP and GPG but I fail to see the need if our checkout is ALREADY stored on a secure server.

Thanks!

feldon23

I dunno what shopping cart system you are using, but the good ones do not share any part of the credit card # with the shop owner. Just a confirmation code and the person's name and address.

Curious why you started a new topic for this?

Stoned_Gecko

Even though customer interracts with the store through SSL, the email that's sent is still plain text. SSL only encrypts the data during the transmission to the web server. Sending something as sensitive as the CC number through plain text is asking for trouble.

I understand that many store owners don't want to have a separate merchant account for the online store and would much rather utilize their existing terminal to save some money. I don't think there is an excuse for that anymore. PayPal is a nice cheap easy to setup way to collect dough online, so the CC number should never be stored

However if you must send such sensitive info via email, you should encrypt it. It should be encrypted even if you just store this info in the database or a file.