How do I remove credit card details from completed orders?
My credit card supplier requires that no credit card information be stored electronically. Please advise how to remove this "globally" on all completed orders.
You can't change them all in one go using Actinic but you can however replace all or part of the numbers with stars (***) in the payment tab in the order details. It is sometimes useful to keep the last 4 digits of the credit card for reference if someone phones to check order details.
You can change all of them at once by Microsoft Access; the best way to do it would be to write a query to change the contents of the credit card no. field in the orders table to stars.
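The bulk change suggested in the reply above, as an added example that is not part of the original thread and is not Actinic's own code: it masks every digit except the last four on completed orders only. SQLite stands in for the Access database, and the `Orders` table, its `OrderID`, `Status` and `CardNumber` columns and the `'completed'` status value are hypothetical names; the card numbers are constructed test values.

```python
import sqlite3

def mask_pan(value, keep=4, mask_char="*"):
    """Replace every digit except the last `keep` with mask_char."""
    if value is None:
        return None
    digits = [c for c in value if c.isdigit()]
    if len(digits) <= keep:
        # Blank, non-numeric or already masked: leave untouched so reruns are safe.
        return value
    return mask_char * (len(digits) - keep) + "".join(digits[-keep:])

def scrub_completed_orders(conn, keep=4):
    """Mask card numbers on completed orders; return how many rows changed."""
    # Hypothetical schema: Orders(OrderID, Status, CardNumber)
    rows = conn.execute(
        "SELECT OrderID, CardNumber FROM Orders WHERE Status = 'completed'"
    ).fetchall()
    changed = 0
    with conn:  # single transaction: all rows are masked or none are
        for order_id, pan in rows:
            masked = mask_pan(pan, keep)
            if masked != pan:
                conn.execute(
                    "UPDATE Orders SET CardNumber = ? WHERE OrderID = ?",
                    (masked, order_id),
                )
                changed += 1
    return changed

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Orders (OrderID INTEGER PRIMARY KEY, Status TEXT, CardNumber TEXT)"
    )
    # Constructed sample rows (test card numbers only).
    conn.executemany("INSERT INTO Orders VALUES (?, ?, ?)", [
        (1, "completed", "4111111111111111"),
        (2, "completed", "4111 1111 1111 1234"),   # spaces are dropped when masking
        (3, "pending",   "5555555555554444"),      # not completed: left alone
        (4, "completed", "************9999"),      # already masked
        (5, "completed", None),                    # no card stored
    ])
    first = scrub_completed_orders(conn)
    second = scrub_completed_orders(conn)          # rerun changes nothing
    return first, second, dict(conn.execute("SELECT OrderID, CardNumber FROM Orders"))

if __name__ == "__main__":
    print(demo())
```

Run a query like this against a copy of the database first; any backup taken before masking still holds the full numbers and has to be dealt with separately.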
Jan, thanks for your reply regarding cc info. removal.
My cc supplier has also requested that I secure my site by use of a padlock as they require 128-bit encryption for cc details when being received and downloaded. I have explained to them that Actinic already uses 128-bit encryption and therefore I should not need to use a padlock.
Can you confirm the above? Your comments would be useful on this.
Thanks, Pam
I have just realised that you are in the V4 or earlier conference; this means that you will not be able to use the * character in credit card numbers, as that feature was added in V5. The only option you have is to change the number to a dummy number (1111222233334444 will probably be accepted).
[checks help]
Well, I was wrong about the encryption as well - it's not 128-bit encryption (that is what you get with shared SSL), it is 1024-bit encryption.
You should search for 'Security options' in the help to find the details - the text from the V4 help is:
"Catalog's own model, Actinic in-built encryption, uses a 1024 bit model to encrypt the credit card details within the browser on the buyer's PC. They are not decrypted until downloaded from the web site. This is the most secure model. It employs an encryption standard called Diffie-Hellman, which is a public-key algorithm for key exchange, and is widely used on the Internet. These keys provide an extremely strong and reliable encryption. A private key is generated and held within Catalog whilst a public key is generated and used to encrypt the order. If the Diffie-Hellman encryption process fails for any reason, or the private key is lost, then the order will be lost too. This problem is generic to the nature of private/public key algorithms, not a specific Actinic Catalog problem."
I believe I can just space out the cc number too, but I need to check that it doesn't return!
Can you advise what the difference is between 128-bit encryption and 1024 encryption? Which is the better, and is the 1024 as secure as the 128? Basically, the supplier security declaration form specifies 128-bit encryption, so I am not sure where I stand now: is it a better or worse position? Also, my developers who set up the cc facility for me on the website actually wrote on the website that it uses 128-bit encryption, so they thought it did too.
Your advice would be much appreciated on this as early - many thanks.
In a nutshell, 1024 bit encryption is more secure than 128 bit. The number of bits describes how many bits are used in the encryption key. The more bits there are, the harder it is for anyone to crack the code. (Although I believe the US 'spooks' are the only people who can crack 128 bit encryption and even that takes their supercomputers 2-3 days for each code.)
My credit card service supplier have now accepted the Actinic security is sufficient and we do not need to install a padlock.
However, they say that we must rent another cc transaction machine to identify the internet ones separately. As this is not cost effective for us, we are planning to "turn off" the credit card facility on our website. Can you advise us how to do this in Actinic V4? Is it just a case of de-selecting "credit card" in "payment options" under "business settings" and then submitting the update to the server?
We would then advise our customers to send the cc details by email or phone.
Taking the card details over the phone or by email won't be any different to taking them over the internet. They're all 'Cardholder Not Present' transactions which is what the CC companies really care about.
Hi Mike
Well, you would think that, but apparently they are happy to accept cc not present over the phone, by email, fax or letter, but if cc details come in by internet then they want them processed as completely separate transactions to any others. Hence, if we continue to take cc by internet we have to rent another cc terminal from them at £20 plus per month.
Currently our transaction rate for internet orders is low, mainly because we don't understand how to get it ranked on the search engines. We have a brilliant site but not many people visiting. Would love some help on that!
So back to original Q. I have to make a decision not to either turn cc off on my site or pay to rent another terminal. Would prefer to keep cc on, but only if I can get my conversion rate up.