Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Credit Card Number

Avatar

Level 4

I am contemplating a secure way to transmit credit card numbers in a form. The users of the form have only Adobe Reader and so I'm thinking

a)  When the form-filler is finished filling the form, s/he clicks Submit or another button

b)  The Submit button then makes the credit card field invisible

c)  The form-sender receives the form and clicks Receive or another button to expose the credit card number field which was concealed in (b).

The problem is that anybody who intercepts the file can also click the Receive button to expose the credit card number.  The form-sender and filler both have only Adobe Reader. There is no Acrobat or policy server in this scenario.  Maybe, I could have them click a particular alphabet in the form title to reveal the credit card number field?  Is there a smarter way to transmit the credit card number?  Thank you.

1 Accepted Solution

Avatar

Correct answer by
Former Community Member

The only secure way to do this is to encrypt the form before you send it. If you are posting it then https will encrypt it while it is in transit. If you are simply emailing the form around then you coudl use secured email.....or you can use the encryption facilities within acrobat, but this will require a certificate.

Paul

View solution in original post

8 Replies

Avatar

Correct answer by
Former Community Member

The only secure way to do this is to encrypt the form before you send it. If you are posting it then https will encrypt it while it is in transit. If you are simply emailing the form around then you coudl use secured email.....or you can use the encryption facilities within acrobat, but this will require a certificate.

Paul

Avatar

Level 1

This is precisely what I would like to do, but cannot use a form with a submit button because my users are using all versions of Reader.  Can you either explain in more detail how I can do this or point me towards resources to learn how?

You said, "The only secure way to do this is to encrypt the form before you send it" - do you mean there is a way for me to encrypt the form before I distribute the blank form or do you mean the user would have to encrypt it before the return a completed form?

You said, "If you are posting it then https will encrypt it while it is in transit."  Post it so the form opens in the browser and/or post the form for download?  I've seen a posted form behave differently depending on what version of reader the browser is using. It's resulted in the submit button not working, which is of course frustrating.

You said, " If you are simply emailing the form around then you coudl use secured email...." - I am not totally naive but what constitutes a secure email?  The recipient address would need to be secure?  How is form protected in the senders sent email bin?

You said, "you can use the encryption facilities within acrobat, but this will require a certificate." Could you say a bit more about how this works?

Thank you!

Brad

Avatar

Level 4

The first thing we request is that our clients upgrade to the latest version of Reader at  -  http://get.adobe.com/reader/

If they can't comply, then we have no deal:  they can take their job to another designer.  This frees us to design happily with the latest features of LiveCycle Designer without worrying about some user on old versions of Reader that can't interpret some new features.

Avatar

Level 1

Yes, but I am designing a form for an organization of people who won't or won't know how to update (as easy as it is) and will just give up.  So I am trying to make it as easy as possible.  Thanks for the help.

Avatar

Former Community Member

First let me start by saying that simply hiding the field and making it visible/invisible is only useful for visiual on screen use. The credit card number woudl still be visible in the data stream....so any one who can intercept the data stream will be able to retrieve the number. By submitting across an HTTPs link the data that is submitted is encrypted by the secure HTTPs link. This is the method I woudl suggest that you use. You can still show/hide the number on screen if you wish.

The encryption of the PDF is possible and you coudl submit across an open HTTP link instead. This would require that your users have a digital certificate to be able to perform the encryption. If your users are Reader users then you would need LiveCycle Reader Extensions server to extend the form to allow those users to perform the encryption. This is a costly solution so for that reason I do not recommend you go that route unless you are an enterprise and you have many forms to do.

Go with the secure HTTPs solution and you will be fine. This is not different than collecting secure information on an HTML page.

Hope that helps

Paul

Avatar

Level 4

GO THERE to upgrade them if need be.  That's called going the extra mile for your clients.  I feel strongly about this because old versions of Reader hold back a designer big time.  The designer is not free to employ the new and better features of new versions of LiveCycle Designer because some users can't or won't upgrade.  Anyway,  it's your call.

You could also consider  --   http://help.adobe.com/en_US/formscentral/using/index.html  It is less than a month old and still a work in progress.

Avatar

Level 1

Is there any way for the form to prompt the user to upgrade?  In otherwords, can the form determine which version of reader is being used and notify the user that the form cannot be used in their current version and they need to upgrade.  Is this possible?

Thank you!

Avatar

Level 10

In File>Form Properties>Defaults you can set the version to run the form in. This will pop up a warning but will still allow someone to fill in the form.

I've posted a sample I made to acrobat.com that describes how to check for Acrobat version and whether or not JavaScript is enabled and stop people from using the form if the conditions aren't met: https://acrobat.com/#d=ymlPW2HMEWTn5lmxLFkDKA

The following has evaluated to null or missing: ==> liqladmin("SELECT id, value FROM metrics WHERE id = 'net_accepted_solutions' and user.id = '${acceptedAnswer.author.id}'").data.items [in template "analytics-container" at line 83, column 41] ---- Tip: It's the step after the last dot that caused this error, not those before it. ---- Tip: If the failing expression is known to be legally refer to something that's sometimes null or missing, either specify a default value like myOptionalVar!myDefault, or use <#if myOptionalVar??>when-present<#else>when-missing. (These only cover the last step of the expression; to cover the whole expression, use parenthesis: (myOptionalVar.foo)!myDefault, (myOptionalVar.foo)?? ---- ---- FTL stack trace ("~" means nesting-related): - Failed at: #assign answerAuthorNetSolutions = li... [in template "analytics-container" at line 83, column 5] ----