Login   |   26 May 2017 
Support Center » Knowledgebase » 4-0004-EN-I have enabled PGP encryption in my shop but the Order Notification emails are now showing up as un-encrypted although the attachments are still encrypted. Is this still secure?
 4-0004-EN-I have enabled PGP encryption in my shop but the Order Notification emails are now showing up as un-encrypted although the attachments are still encrypted. Is this still secure?
Article

ShopFactory and GlobeCharge have updated its system especially for merchants who are manuallyprocessing credit card payments. Thus, the only affected merchants are thosewho manually process their customer’s credit card payment. We have now turned OFF thecustomer credit card details if the shop payment settings are either free SSLor fee GC without PGP encryption. The merchant will still get the OrderNotification email but they will have to contact the customer to get theircredit card details. The merchant will need to setup PGP encryption or they canconsider other options such as upgrading to ShopFactory Total Care or signingup for a GlobeCharge Business Plus account or use a realtime payment gateway,e.g. PayPal and accept credit card payments via PayPal. 

Recent updates for the Order Notification emails thatmerchants receive are now in un-encrypted format. Merchants will see the emailcontent with customer’s billing address (but not the credit card details) aswell as the products ordered. PCI standards requires only the payment details to be encrypted. There are three attachments in each OrderNotification email – these are 1) customer.txt , 2) order_details.txt , and 3) payment_details.txt – all three will be encrypted.

  

Now, here are some scenarios of different implementations for accepting manual credit card payments:

  a)       Payment Setting: Free Secure Order Processing byShopFactory

                                                             i.       with valid PGP key

 

Having setup PGP encryption properly in thepayment settings, the Order notification attachments will be encrypted. You can only view the payment details if you decrypt the order into SalesManager or your 3rd party PGP application.  

                                                           ii.       with wrong PGP key

If PGP encryption was setup but merchant has enteredthe wrong key, for example, the top header for the entire PGP block was cut-off:

 

Then the Order attachments will show as “ Encryption Failed ” – and you will NOT beable to find the credit card number, name, expiry date, and CVV in theattachments.

 

This indicates that merchant will have toreview the PGP encryption setup as outlined in the FAQ article –

For shops using Free SSL paymentsettings with Manual Credit Card Processing - PGP encryption must be enabled ifcustomer credit card details are sent via email

http://faq.shopfactory.com/article-6756.html

 

                                                         iii.       without PGP encryption

The order attachments will NOT display anycredit card information – it will simply indicate in the Payment_details.txtwhat the “Payment Method” was, for example, Visa.

The Order can still be downloaded inSalesManager but it will NOT show the credit card name, number, etc. so youcannot process the payment.

 

b)       Payment Setting: Free GlobeCharge account

                                                             i.       with valid PGP key

Having setup PGP encryption properly in the payment settings, the Order notification  attachments will be encrypted. You can only view the payment details if you decrypt the order into SalesManager or use your 3rd party PGP application to decrypt the attachments.

 

                                                           ii.        with wrong PGP key

If PGP encryption was setup but merchant hasentered invalid key t hen the Order attachments will show as “ Encryption Failed ” – and you will NOT beable to find the credit card number, name, expiry date, and CVV in theattachments. The screenshot below shows the payment_details.txt file withoutthe credit card number, name, and expiry date.

This indicates that merchant will have to reviewthe PGP encryption setup as outlined in the FAQ article –

For shops using Free GlobeChargeaccount payment settings with Manual Credit Card Processing - PGP encryptionmust be enabled if customer credit card details are sent via email

http://support.shopfactory.com/kayako/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=620

 

                                                         iii.       without PGP encryption

The order attachments will NOT display anycredit card information – it will simply indicate in the Payment_details.txtwhat the “Payment Method” was, for example, Visa. 

The Order can still be downloaded inSalesManager but it will NOT show the credit card name, number, etc. so youcannot process the payment.

 

c)      Payment Setting:  Paid GlobeCharge account ( including Total Care,Online Order Management, Reseller Tracking, Business Plus, Business Pro, ESDservice, GlobeCharge PayPro )

Please note that ordernotification emails for paid GlobeCharge accounts will now contain the three attachments: 1) customer.txt , 2) order_details.txt , and 3) payment_details.txt

                                                             i.       with valid PGP key – same result as free GlobeCharge account setup above.

 

                                                           ii.       with wrong PGP key – same result as the free GC account setup above.

However, the Order Notification email itself will show theCVV while the Credit card name, number, and expiry are stored on theGlobeCharge orders page so merchants can still process the credit card payment.

 The Order in GlobeCharge can also be downloaded intoSalesManager – see screenshot below. Note that since the Order has not been setto “paid” in GlobeCharge, then the credit card details are shown inSalesManager. There will be no CVV showing in SalesManager since the CVV is inthe Order notification email.

 

                                                         iii.       without PGP encryption

PGP encryption is NOT needed because all Ordersare securely stored on the GlobeCharge server. The orders in GlobeCharge canstill be downloaded into SalesManager.

How do I import my GlobeCharge orders into Sales Manager?

As previously explained, the credit card number will be removed once the Order is marked as “paid”.

If merchant has set the GlobeCharge order as“paid” – the credit card details will be removed. SalesManager will not showthe credit card number anymore when order is set as “paid”.  



Article Details
Article ID: 636
Created On: 22 Oct 2009 12:00 AM

 This answer was helpful  This answer was not helpful

 Back
 Search
 Article Options
Home | Knowledgebase | Downloads
Language:

Help Desk Software by Kayako SupportSuite v3.70.02