Credit Card Information and Social Security Number


#1

Hello everyone,
Is Let’s Encrypt secure enough to process credit card information and Social Security numbers? And are there any guarantees for personal information if it gets hacked?

Thank you in advance


#2

There’s no particular reason why a certificate issued by Let’s Encrypt could not be used for that purpose. That being said, the choice of your CA is only a tiny part of the story. If you’re going to process credit card numbers, you’ll need to be PCI DSS compliant, for example. Let’s Encrypt provides a certificate for transport-level encryption and authentication; it does not automatically make your server secure enough to process or store sensitive information.

You’re probably referring to the insurance policies some CAs use in their marketing strategy. Let’s Encrypt does not offer any kind of insurance to subscribers, no. That’s not really practical for a free service.

I’m not aware of a single case where this insurance has ever been paid out to anyone. Being hacked typically has nothing to do with your CA, so these types of insurance don’t make a whole lot of sense.


#3

My company is already insured with Cyber Security Coverage, so in this case am I able to process CC on my website?

How do I get involved with PCI DSS compliance?


#4

That would not be a replacement for being PCI DSS-compliant, no.

Don’t take this the wrong way, but if you’re not aware of PCI DSS, you probably don’t want to be processing credit card numbers. :blush: You’ll need to talk to an infosec professional to figure this out. It’s not really something that can be described in a couple of sentences. This is going to be expensive. If possible, look into options where you don’t have to process credit card numbers yourself (Stripe, Braintree, etc.)


#5

Oh, I believe you took my question the wrong way. I am using https://www.cognitoforms.com/ for my sign-up forms. They have CC processing forms, and they make the same forms available to be embedded as HTML in your website, so they are processing my sign-up applications with the CC payment process, and they are responsible for sending the money to Stripe.

I mean, when I create my HTML application through https://www.cognitoforms.com/, is there any risk in processing this HTML application on my website (with Let’s Encrypt SSL), since they (I mean https://www.cognitoforms.com/) are responsible for processing my application with the customer’s CC? That was my question. Sorry if I made it confusing.


#6

I’m not familiar with that product, so I can’t really answer any specifics.

If they’re using Stripe (correctly), you won’t touch credit card info directly, so with regards to PCI DSS you’d not be in scope for most of it and would only have to make sure to use SSL/TLS on any of your sites with a credit card form. There’s no reason why you couldn’t use Let’s Encrypt for this, and it’s in fact one of the CAs Stripe recommends in their security guide.

