Q: There is no place to enter my Card Information.
This is caused by one of two things.
a. Either you loaded the page from an area of our site that doesn't automatically refresh and load the card information section (we use ADC for connection to our card processor). Cure: Do a page refresh by clicking on any of the "Recalculate" buttons we provide for this purpose.
b. The browser you are using is not capable of reading our security settings. We use full 128-bit encryption, and most older browsers are not capable of more than 56-bit. You can check your browser by clicking "Help" and then "About"; this will show what encryption your current browser is capable of reading. Cure: Upgrade your browser to the latest version to permit reading of 128-bit encryption (upgrading is a good idea for security reasons in any case). Alternate Cure: On the checkout, select the payment option of "check or money order". This will generate an order number, which you can then either fax to us or call in.
Note: We have been asked to downgrade our security to allow 56-bit encryption, and we have refused. Please don't ask: for your security and everyone else's, we will not downgrade. Also: It has been stated that cards work on other sites but not ours. If another site is truly as secure as it claims to be, then a 56-bit browser should not be permitted to work properly there.
Q: My Netscape browser is displaying a form for ordering merchandise from a department store that I trust. The little key at the lower left-hand corner of the Netscape window is solid and has two teeth. This means I can safely submit my credit card number, right?
Not quite. A solid key with two teeth indicates that SSL is being used with a 128-bit secret key and that the remote host owns a valid server certificate that was certified by some authority that Netscape recognizes. At this point, however, you don't know who that certificate belongs to. It's possible that someone has bought or stolen a server certificate and then diverted network traffic destined for the department store by subverting a router somewhere between you and the store. The only way to make sure that you're talking to the company you think you're talking to is to open up the "Document Information" window (from the File menu) and examine the server certificate. If the host and organization names that appear there match the company you expect, then you're probably safe to submit the form. If something unexpected appears there (like "Embezzlers R Us") you might want to call the department store's 800 number.
SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http transaction (both request and response). Each transaction uses a different session key so that if someone manages to decrypt a transaction, that does not mean that they've found the server's secret key; if they want to decrypt another transaction, they'll need to spend as much time and effort on the second transaction as they did on the first.
Netscape servers and browsers do encryption using either a 40-bit secret key or a 128-bit secret key. Many people feel that using a 40-bit key is insecure because it's vulnerable to a "brute force" attack (trying each of the 2^40 possible keys until you find the one that decrypts the message). Using a 128-bit key eliminates this problem because there are 2^128 instead of 2^40 possible keys. Unfortunately, most Netscape users have browsers that support only 40-bit secret keys. This is because of legal restrictions on the encryption software that can be exported from the United States. (The Federal Government has recently modified this policy following the well-publicized cracking of a Netscape message encrypted using a 40-bit key. Expect this situation to change.)
In Netscape you can tell what kind of encryption is in use for a particular document by looking at the "Document Information" screen accessible from the File menu. The little key in the lower left-hand corner of the Netscape window also indicates this information. A solid key with two teeth means 128-bit encryption, a solid key with one tooth means 40-bit encryption, and a broken key means no encryption. Even if your browser supports 128-bit encryption, it may use 40-bit encryption when talking to older Netscape servers or Netscape servers outside the U.S. and Canada.
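The manual check described above (compare the certificate's host and organization names with the company you expect, and confirm the key length in use) can also be scripted. This is an added example, not part of the original FAQ; `review_connection`, `fetch` and the sample certificates are hypothetical names and constructed data, shaped like what Python's `ssl` module returns from `getpeercert()` and `cipher()`.

```python
import socket
import ssl

def subject_fields(peercert):
    """Flatten the nested subject tuples from getpeercert() into a dict."""
    return {key: value for rdn in peercert.get("subject", ()) for key, value in rdn}

def review_connection(peercert, cipher, expected_host, expected_org, min_bits=128):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    subject = subject_fields(peercert)
    # Names the certificate covers: subjectAltName DNS entries, else commonName.
    # Exact match only; wildcard names are not expanded in this example.
    names = [v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]
    if not names and "commonName" in subject:
        names = [subject["commonName"]]
    if expected_host.lower() not in [n.lower() for n in names]:
        problems.append(f"host {expected_host!r} not in certificate names {names}")
    # Domain-validated certificates carry no organizationName at all.
    org = subject.get("organizationName")
    if org is None:
        problems.append("certificate carries no organization name")
    elif org.casefold() != expected_org.casefold():
        problems.append(f"organization is {org!r}, expected {expected_org!r}")
    name, _protocol, bits = cipher
    if bits < min_bits:
        problems.append(f"cipher {name} uses a {bits}-bit key, below {min_bits}")
    return problems

def fetch(host, port=443):
    """Live use (needs network): return (peercert, cipher) for a real server."""
    context = ssl.create_default_context()  # verifies the chain and host name
    with socket.create_connection((host, port), timeout=10) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.cipher()

# Constructed sample data in the shapes getpeercert() and cipher() return.
GOOD_CERT = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "Example Department Store"),),
                (("commonName", "shop.example.com"),)),
    "subjectAltName": (("DNS", "shop.example.com"),),
}
ODD_CERT = {
    "subject": ((("organizationName", "Embezzlers R Us"),),
                (("commonName", "shop.example.com"),)),
}
STRONG = ("TLS_AES_128_GCM_SHA256", "TLSv1.3", 128)
WEAK = ("EXP-RC4-MD5", "SSLv3", 40)  # 40-bit export-grade suite
```

For a live server, pass the two values returned by `fetch(host)` to `review_connection` together with the host and organization you expect.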
When credit cards first came out in the late 1960s, the cardholder was liable for all losses occurring as a result of a stolen card. The credit card companies soon discovered that fear of large losses prevented people from using or keeping the cards. For a long time now, you have been liable (in most states) for at most $50 of loss as a result of credit card fraud.
Using your credit card on the Internet is no different than giving it to a restaurant. The presence of a warning-free SSL security system ensures that the company you are dealing with has passed background checks -- just like the presence of a Verifone credit-card checking device gives a good indication that the restaurant can actually accept credit cards. Look for a server certified by Verisign, Thawte, or another well-known certifying agency. If a server's SSL certificate is so signed, you have done your job to verify authenticity.
We don't recommend that you send your credit card number un-encrypted over the Internet. Just like you know not to give your card number to anyone who calls you -- you make sure you know who you are talking to first -- you shouldn't send your card number over the Internet until you are certain that the company you are dealing with has made the effort to ensure security. Presence of a warning-free SSL security system indicates that rather considerable effort has been made. Look for the lock, key, or blue line, and you should be safe.
No. Your credit card number is never written to any of our systems. It merely passes through our encrypted order form. Our order form connects directly to our card processor. The SSL encryption will take care of network transmission.
First of all, after you enter your number, it is kept in memory only until it is encrypted and only as long as the order page is viewable. Once you hit submit or refresh, it is scrubbed from the program's memory.
This behavior will be followed by the Server program as long as the number is placed in a field named mv_credit_card_number -- you can view the source of the order form to ensure that.
If you have entered your credit card number and decide not to submit your order, the encrypted number will not remain on disk. When you click refresh or reload, your card info will disappear. This is the result of using ADC (automatic direct connect) to our card processor.
If you wish, you can press the button on the order form which is labeled CANCEL or REFRESH, and the encrypted information will be wiped immediately.
If you would like more details, please send mail to the webmaster.
Portions copyright 1992-2007 Streichs Cake and Candy Supply