Credit card info and security q's


Saleem
08-Sep-2003, 02:06 PM
Hi, could anyone please help me with my query regarding credit card transactions please,

1. Describe the encryption which will be used for all transactions containing card information whilst being transmitted over the internet.

2. Describe the network partitioning and the firewall technology, which will be used to protect the site.


Kind Regards

Ben
09-Sep-2003, 01:22 PM
Hi Saleem

These are the standard questions asked when setting up a merchant account.

1. Describe the encryption which will be used for all transactions containing card information whilst being transmitted over the internet.

The main encryption processes used are called Diffie-Hellman key exchange and SAFER block cypher. If you are using SSL, this encryption takes place on the server, or if you are using the Actinic inbuilt Java applet, the data is encrypted in the buyer's browser. With both methods, the order is only decrypted once downloaded on the merchant's PC. If you are using a PSP, the security procedures are carried out by them.

2. Describe the network partitioning and the firewall technology, which will be used to protect the site.

You will have to speak to your web host about their security, and I would recommend installing a firewall on your PC to protect the data stored there.

Ben

Saleem
09-Sep-2003, 01:27 PM
Thank you Ben, your information is very helpful.

regards

Andy Warner
10-Sep-2003, 08:09 AM
It seems to me from the response above, that when using SSL to do the encryption, some unencrypted card details will be sent from PC to the SSL server. Is there a security risk here? - please advise!

andy

Ben
10-Sep-2003, 10:00 AM
Is there a security risk here?

No - the SSL technology secures the data from the buyer's browser to the web server, then Actinic uses a Perl script to encrypt the data on the server until it is downloaded on the merchant's PC.