>-----Original Message-----
>From: Kevin P. Fleming [mailto:kpfleming@cox.net]
>
>I could very well be mistaken, but I was sure that the encryption only
happened
>on the client end (i.e. the server only decrypted, never encrypted).
You are mistaken. The entire session is encrypted both ways. The client
request causes the server to send it's certificate which contains the
server's public key. The client then generates a session-key, encrypts
it using the public key and sends it to the server. The server decrypts
the session-key using its local private key (which never leaves the
server). Both sides now have a session-key which is unknown to any
snooper. They now use this to encrypt all traffic in each direction.
>I don't think caching has much to do with it, the web sites just don't
>send the full number back on the "order complete" page. I always
thought
>they did that because it wasn't encrypted, but maybe it's just because
they want to
>be extra careful with that information.
The main reason that the server never echoes the credit card number is
that, on a well-designed system, it doesn't actually know it. The server
contains back-end payment software which extracts the encrypted card
number from the packet and sends it directly to the payment gateway.
Thus, the server *never* actually becomes aware of the card number. This
is essential for liability protection - the site operators have to be
able to show, if audited during a fraud investigation, that they could
never have learned the card number.
It would be possible to run a server which did decrypt the card number
but you'd be opening yourself to a terrible liability if one of your
customers complained that their number had been mis-used. You'd never be
able to prove you didn't nick it.
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
