FutureQuest, Inc. FutureQuest, Inc. FutureQuest, Inc.
Receiving credit card information securely via email?
Posted on 14 January 2004 07:48 AM
Question:

I need to receive the credit card info from a form and I already have a SSL directory, but I was thinking that just putting a normal mail form cgi there would be of no value because the email itself would be unencrypted.

Do I need to install some sort of encryption CGI? Or is there anything standard for this type of task?

Answer:

Rich@RSmarketing.com has developed a PGP formmail script that works well with our particular configuration.

PGP Form Mail provides a secure method of emailing the data collected in an HTML form. Its primary purpose is to allow the results of an online order form, including credit card information, to be sent encrypted to the recipient.

This allows the order information to be decrypted and processed offline using the browser-based terminal feature of a gateway payment processing service (like Authorize.Net or Signio); a locally installed terminal processing application (like PC or Mac Authorize or IC Verify); or other means of submitting the credit card transaction to your merchant (acquiring) bank.

The PGP Form Mail script along with instructions for its use are available, free of charge, for download in the Downloads section of the Service Desk at:
http://service.FutureQuest.net/cat42

or directly at:
http://service.FutureQuest.net/downloads/pgp5formmail.zip