 4-0004-EN-I have enabled PGP encryption in my shop but the Order Notification emails are now showing up as un-encrypted although the attachments are still encrypted. Is this still secure?

ShopFactory and GlobeCharge have updated their systems specifically for merchants who manually process credit card payments. The only affected merchants are therefore those who manually process their customers’ credit card payments. Customer credit card details are now turned OFF if the shop payment settings are either free SSL or free GlobeCharge without a PGP key. The merchant will still get the Order Notification email but will have to contact the customer to get their credit card details. The merchant will need to set up PGP encryption, or can consider other options such as upgrading to the ShopFactory Total Care service or using a realtime payment gateway, e.g. PayPal, and accepting credit card payments via the payment provider.

Following recent updates, the Order Notification emails that merchants receive are now sent in unencrypted format. Merchants will see the email content with the customer’s billing address as well as the products ordered (but without the credit card details). PCI standards require only the payment details to be encrypted. There are three attachments in an Order Notification email – 1) customer.txt, 2) order_details.txt, and 3) payment_details.txt – all three will be encrypted.

Here are some scenarios of different implementations for accepting manual credit card payments:

a) Free Secure Order Processing by ShopFactory

   i. With valid PGP key

Having set up PGP encryption properly in the payment settings, the Order Notification attachments will be encrypted. You can only view the payment details if you decrypt the order into SalesManager or with your 3rd party PGP application.

   ii. Wrong PGP key

If PGP encryption was set up but the merchant has entered the wrong PGP key (for example, the top header of the PGP block was cut off), then the Order attachments will show as “Encryption Failed” – and you will NOT be able to find the credit card number, name, expiry date, and CVV in the attachments.

   iii. Without PGP key setup

The order attachments will NOT display any credit card information – the Payment_details.txt will simply indicate which “Payment Method” was selected by the customer, for example, Visa.

The Order can still be downloaded into SalesManager but it will NOT show the credit card name, number, etc., so you cannot process the card payment.

b) Free GlobeCharge account

   i. With valid PGP key

Having set up PGP encryption properly in the payment settings, the Order Notification attachments will be encrypted. You can only view the payment details if you decrypt the order into SalesManager or use your 3rd party PGP application to decrypt the attachments.

   ii. Wrong PGP key

If PGP encryption was set up but the merchant has entered an invalid PGP key, then the Order attachments will show as “Encryption Failed” – and you will NOT be able to find the credit card number, name, expiry date, and CVV in the attachments. The screenshot below shows the payment_details.txt file without the credit card number, name, and expiry date.

This indicates that the merchant will have to review the PGP encryption setup as outlined in the FAQ article –

For shops using Free GlobeCharge account payment settings with Manual Credit Card Processing - PGP encryption must be enabled if customer credit card details are sent via email

http://support.shopfactory.com/kayako/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=620

   iii. Without PGP encryption

The order attachments will NOT display any credit card information – the Payment_details.txt will simply indicate what the “Payment Method” was, for example, Visa.

The Order can still be downloaded into SalesManager but it will NOT show the credit card name, number, etc., so you cannot process the payment.

c) Paid GlobeCharge account (including Total Care, Online Order Management, Reseller Tracking, Business Plus, Business Pro, ESD service, GlobeCharge PayPro)

The Order Notification email contains part of the Card Number and the rest will be in the server-side Order Details page.

PGP encryption is not necessary because all Orders are securely stored on the GlobeCharge server. The orders in GlobeCharge can still be downloaded into SalesManager.

How do I import my GlobeCharge orders into Sales Manager?

As previously explained, the credit card number will be removed once the Order is marked as “paid”.

If the merchant has set the GlobeCharge order as “paid” – the credit card details will be removed. SalesManager will not show the credit card number anymore when the order is set as “paid”.
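
The “Wrong PGP key” cases in a) ii and b) ii usually come from a key block that lost lines when it was copied. The following check is an added example, not part of the original article or of ShopFactory's software: it verifies that a pasted public key block still has its header and footer lines, a decodable body and a matching armor checksum before the block is entered in the payment settings. The function names and the sample block are assumptions made for illustration; the sample is constructed from placeholder bytes and is not a real key.

```python
import base64

BEGIN, END = (f"-----{w} PGP PUBLIC KEY BLOCK-----" for w in ("BEGIN", "END"))

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

def check_armor(text: str) -> list[str]:
    """Return the problems found in a pasted public key block (empty list = OK)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    problems = []
    if not lines or lines[0] != BEGIN:
        problems.append("missing or damaged BEGIN header line")
    if not lines or lines[-1] != END:
        problems.append("missing or damaged END footer line")
    if problems:
        return problems
    inner = lines[1:-1]
    if "" in inner:  # armor headers (Version:, Comment:) end at the first blank line
        inner = inner[inner.index("") + 1:]
    # The "=XXXX" checksum line is optional in the armor format; verify it when present.
    checksum = inner.pop() if inner and len(inner[-1]) == 5 and inner[-1][0] == "=" else None
    try:
        data = base64.b64decode("".join(inner), validate=True)
    except ValueError:
        return ["key body is not valid base64 (lines lost or altered)"]
    if not data:
        return ["key body is empty"]
    if checksum is not None and checksum[1:] != b64(crc24(data).to_bytes(3, "big")):
        problems.append("CRC-24 checksum mismatch (body truncated or edited)")
    return problems

def make_sample() -> str:
    """Constructed armor around placeholder bytes: valid framing, not a real key."""
    data = bytes(range(96))
    body = b64(data)
    return "\n".join([BEGIN, "", body[:64], body[64:], "=" + b64(crc24(data).to_bytes(3, "big")), END])
```

An empty result only means the armor framing is intact; it does not confirm that the block is the key that matches the private key used to decrypt the orders.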



Article Details
Article ID: 636
Created On: 22 Oct 2009 12:00 AM
