View Full Version : SSL

01-16-2003, 09:04 AM
If I have my site SSL'd and post credit card info to a 3rd party processor also SSL'd, is it secure?

Thanks :p

01-16-2003, 09:15 PM
for some reason??? /me seems to just a think® thattt alll the info hasss to be just a transferred® via the same ssl...

/me just a reminds® ya shes stilll not programmed to just a think® lol...

01-17-2003, 08:20 AM
Does anyone know what prompts if any the user gets when I send him from my SSL site to another SSL site on a different server?

Thx :p

01-17-2003, 07:50 PM
If you are talking about "bouncing" a user's browser session to a third party SSL server, then the prompts the user sees are 100% under the control of the third party processor.

If you are talking about performing a server-to-server session from your server directly to the third party processor, then the prompts the user sees are 100% under your control -- the user's browser session never leaves your site.

Security wise, either method can be made "secure enough" for e-commerce but a server-to-server link is more secure because it is less prone to various "spoofing" or "data doctoring" techniques used by fraudsters.

With either method, the best advice I could give you is to not use any auto-close or auto-settle "features" to settle your transactions for clearing. Provided there are good security procedures in place for the auditing and submitting of transactions for settlement, then no matter what tricks or hacks fraudsters use on the front-end, you or the merchant will be able to stop the transactions before they go to interchange and the money is transferred.

For more information, take a look at $$$ ON THE NET(tm) (http://www.shift4.com/default.cfm?page=otn.cfm) and the rest of our web site. Good luck in whatever you use...

01-18-2003, 03:12 AM
Ok...I was just informed that my server actually doesn't have to be SSL'd to post creditcard info to a SSL'd server. I'm wondering if that's really true...