E-commerce Credit Card Testing

Lead Architect — Fri, 21 Aug 2009 20:46:35 +0000

If you are accepting credit card payments from your web site and need to test the transaction process, the credit card companies provide the following “test card numbers.”

Test Credit Card Numbers:
Visa: 4111-1111-1111-1111
MasterCard: 5431-1111-1111-1111
Amex: 341-1111-1111-1111
Discover: 6011-6011-6011-6611

Credit Card Prefix Numbers:
Visa: 13 or 16 numbers starting with 4
MasterCard: 16 numbers starting with 5
Discover: 16 numbers starting with 6011
AMEX: 15 numbers starting with 34 or 37

Use these numbers instead of a real account number to avoid a possible security issue and of course, a possible charge to your real credit account!

Checking Web Site Security

Lead Architect — Thu, 05 Mar 2009 21:12:01 +0000

You should ALWAYS check a web site’s security before submitting sensitive information like credit card or social security numbers. You may think that just because a business is large or well known that it is safe to purchase from their web site, but that is not true. It all comes down to the web site’s security certificate. These certificates have to be renewed each year and even the best businesses sometimes mistakenly allow them to expire. We’ve even come across businesses without any security at all that are collecting sensitive information!

A Secure Site Certificate, also known as Secure Sockets Layer (SSL) is the industry standard technology used to create an encrypted link between a web server and a browser. This link protects the privacy of all data passed between the web server and a user’s browser. When information is submitted from a user’s computer, through a web site, to a web server, there are often 20-30 hops that the data makes to get from point A to point B. The data is vulnerable to interception at each of the hops unless it is secured by SSL.

Checking Security in the Browser

When a user connects to a web server location using SSL, the browser displays the following:

1. the URL in the address bar changes from ‘http://’ to ‘https://’. The “s” in the address indicates a secure connection and

2. a “lock” icon at the bottom right side corner of the browser window. (NOT an image in the web page, but an actual part of the browser program.)

Internet Explorer Browser Lock

Firefox Browser Lock

Once you notice the appearance of ‘https://’ of the lock icon, it is important to further investigate. Double click on the lock icon and check to see that (1) the certificate is issued to the same web site you browsing and (2) that the certificate validity date has not passed. Browsers often try to alert you to problems with a web site’s security (with a pop up window or on screen message), but lack of a warning is no guarantee that things are safe.

Internet Explorer Browser Certificate

Firefox Browser Certificate

Additionally many SSL Certificate vendors (Verisign, GeoTrust, etc.) provide “site seals” that can be embedded and shown on web pages. These seals usually have a dynamic date/time stamp or special code on them that you can use to further verify validity. These seals are not enough alone to verify validity, but they often add to customer confidence when making online purchases.

If your web site is taking payments or other sensitive data online, you need to be using this technology and you need to be sure that it is correctly installed and regularly renewed. Netdrafter can help with this process. Contact us right away if you need help establishing a secure connection for your business web site or if you have questions about safely submitting your own information online.

Blog - The Architect's Log » E-commerce

E-commerce Credit Card Testing

Checking Web Site Security