There have been several news stories recently about the theft of large amounts of credit card data from a few e-commerce sites on the Internet. You may be concerned about the security of your own credit card information when you place an order at Criswell Embroidery and Design's web site.
Apparently, these victimized sites kept their customer database on the same server that handled their web site -- a fairly basic violation of security procedures. Worse yet, it appears that this customer information was not encrypted (scrambled) in any fashion. So, once someone hacked into the web server, they also had a shot at a number of other critical files. It was the high-tech equivalent of dumpster diving behind a restaurant for credit card receipts.
We do not keep any sensitive information on our web servers. Here's what happens when you send us an order using the Secure Order Form:
Once you've filled out the order form and clicked on the "Submit" button, two things occur. First, before any data is sent out, the form checks your order for any obvious errors. Next, your order is sent to our secure server over an encrypted connection. Anyone eavesdropping on your ordering session would see a bunch of scrambled gobbledygook.
The secure server then re-encrypts your order and emails it to our offices. This email can only be decrypted at our end using a special key and passphrase. A typical order looks like this when it arrives:
hIwD3+xIDuMAXIEBA/sEmMNNxhWCx8gzLjVCrdz88+oXW5sQVPfcDe1JiL1I6Wej
mvPngfUEbYNqWYsgKNC//dV4gWBa/Ts7DbGazg0rNd8y6GiJHcBAzNmmky9YgoLK
WTpfaBiJguwRbUg+enixAnrFzGjoejg5O+sjR3dSoAaT3MXI4rwHIB3d8lgjvaYA
AAGfvh+wCI2p35bPnKxHPiuKrOiPMICI/ZbDngyhU26dRmM5YMvKlMH9fTJQqinw
A8LxOFogVtsM8BIgtzO8LBHoy6KMcappGmY5w0TIeFToQhSSArisSYJN4BDWOcd7
HjbOomVj+n1wG4kJA/LW5wAX1OoX0Nm/0rRhkhsQ+FC9qRI2me1POhgwf/jD824B
Sj+T2DjegtMB7gAxXNzOX5HOSxlSE+Qc7uSxFYmTfsIhlxLxPhcqDfK2Wb29Tqe8
Y1sqsmwODXobSsOCnmEdtK16WvOVCupGiuAJxO2BLGLHnzZII8TAMMyKQr2xBTvs
xsoNoOqLVtm9IG5huPUIWlIM8XjvEXnGc4+fs+bPNuUdXBkk/8cPvRz5KGRHGKFQ
DjtKDEBPxgvVqtWANfihLq4k2k9/Zt1BDIveMe33vuj7Igbq7l6y7fSi9lfaBaoL
pLQ1mDUACaFqjvV8WAvV+nU9yU2scy//kRzfitE2jtTguC4xBNX13wfOqh/OMhi1
vl+Tz9t9W+fxLKm6GUDJ5WCaPwg4S/JmlQqyijIpjKOtBg==
=Alrx
The system that does the order decryption is isolated from the Internet behind a proxy server and a firewall. And, needless to say, our offices are not open to the public.
In short, we put a lot of effort into keeping your private information private.
Note: If you wish to read more on this subject, you should also look at our privacy policy.