A Security Question


    Hi All,

    Something that has come up in conversation here recently is about the security of information held on the server before the client does an order download...

    It is my understanding that the Order and customer details are held on the server in an encrypted form.

    Not talking about the Credit card details etc as that is handled by a PSP.

    Looking at the Whitepaper http://www.actinic.co.uk/docs/white_...-Web-Sites.pdf it states that 128 bit encryption is used for the order details.

    Now, this process has to happen on the server. So the key for the encryption has to be on the server?? Along with the method for doing the encryption...

    What happens if someone gets into the server, grabs the encrypted data - and then looks on the server for the encryption method, and the key held there - so they can reverse the encryption?

    Just trying to get my head around how this works, as it seems to me that if someone had access to the server, they would have access to the information to decrypt the order data sitting on the server.....

    Or is there a step in the process I am missing....

    Cheers

    #2
    I understand what you are saying, but it sounds like the old cheque book scenario, where if you asked someone for their account name, bank name, sort code and account number, they'd say no, yet they'd happily write you a cheque which holds all of that information.

    Card details aside, which are of course very important, what realistically will unencrypting an order give you, if you could actually do it? My name and address and email and phone number, along with what I order. That might feel like sensitive data to you, but in reality the majority of it is easily collectable from a number of sources and it's just not data to interest anyone, when there is far more useful data available, i.e. card details, which will result in far better increases in the fraudster's pocket.



      #3
      Cheers Leehack,

      The value of the data aside, it was just a question on how Actinic secures the data held on the server.

      There is an encryption key in the Actinic / Housekeeping / Security

      But this same key must be sitting on the server for it to encrypt the data there before download.

      So, the tools to decrypt the data held are available on the server should someone have access to it......



        #4
        It would sound sensible to me that at some stage at some level the encryption algorithm is accessible, whether it is crackable or indeed worth the effort to do so is I guess another argument. With technology, when a human creates it, then at some level a human can clearly break it, we will never get round that IMO.



          #5
          Grant, this is a complex question.

          I won't actually answer it directly, for the reason that we never actually comment on the details of our security, as it helps anyone attacking, and this forum is indexed by Google and can be found by anyone.

          The way you address the issue you raise is by public/private key encryption, sometimes known as "asynchronous encryption". This is where a public key is used to encrypt data but cannot be used to decrypt it. You need the private key to do that, and it's not available. The system that is responsible for the encryption generates the private and public keys together, but only releases the public key. You cannot derive the private key from the public one.

          This is the method that SSL uses, along with PGP. If you think about it, if it didn't, SSL would be totally insecure as the key would need to be sent between the server and the browser.

          However, none of this is useful if your server is compromised, as a hacker would have access to the data before it was encrypted. Actinic is significantly more secure than a typical ecommerce system as it doesn't store the orders on the server so a hacker would only get a few orders and any hack to Actinic scripts can easily be reversed by doing a full publish to web.

          I agree with Lee, though, it's not too much of an issue. The hackers are interested in the card details, and if you use a PSP these never go near the store server.

          Chris
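An illustration of the public/private key arrangement described in post #5, added here as an example; it is not part of the thread and not Actinic's implementation, which the post declines to describe. It assumes RSA-OAEP wrapping a per-order AES-128-GCM key, and the names `Sealed`, `NewDesktopKey`, `SealOrder` and `OpenOrder` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Sealed struct{ WrappedKey, Nonce, Ciphertext []byte } // all the server stores per order
func NewDesktopKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte, err error) (cipher.AEAD, error) {
	if err != nil { // pass through a failure from the step that produced key
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func SealOrder(pub *rsa.PublicKey, order []byte) (Sealed, error) {
	buf := make([]byte, 16+12) // server side: fresh AES-128 key + GCM nonce per order
	_, err := rand.Read(buf)
	gcm, err := newGCM(buf[:16], err)
	if err != nil {
		return Sealed{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:16], nil)
	return Sealed{wrapped, buf[16:], gcm.Seal(nil, buf[16:], order, nil)}, err
}

func OpenOrder(priv *rsa.PrivateKey, s Sealed) ([]byte, error) {
	gcm, err := newGCM(rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.WrappedKey, nil))
	if err != nil { // desktop side: wrong private key or altered key blob
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, nil)
}

func main() {
	priv, _ := NewDesktopKey() // the private half never leaves the merchant's PC
	s, _ := SealOrder(&priv.PublicKey, []byte("constructed order #1001"))
	plain, err := OpenOrder(priv, s)
	fmt.Printf("%s %v\n", plain, err)
}
```

Someone who copies everything on the server obtains the public key and the `Sealed` records, which is not enough to call `OpenOrder`. As post #5 notes, this does not protect orders captured on a compromised server before they are encrypted.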



            #6
            Thanks for the replies guys

