Hi all,
Just trying to clarify a point on oscommerce.
If you use paypal modules or something similiar, is all the payment processing done on their site?
So in effect you do not have any sensitive information stored in the commerce site itself?
Also, has oscommerce been pen tested?
If this is the wrong forum, please could you point me in the right direction.
Thanks
Latest News: (loading..)
0
3 replies to this topic
#2
Posted 09 May 2008, 13:00
Hello Nathan!
No, the payment is processed through a secure connection (SSL) to the payment gateway or processor. When the customer is entering his card information on a website, the information is sent to the payment gateway or directly to the processor (e.g. Visa). The customer is receiving an answer back instantly whether the payment is approved or not.
You can as merchant only handle the card information your self, if you are PCI compliant. Most companies uses a payment gateway to avoid this PCI approval process.
The osCommerce has off all I'm aware of NOT been pen tested. But you can try to contact them about this. But if you are worried about this, you should first of all check your hosting supplier and/or your own servers. If your website/system is hacked, it’s not the shop systems there will be their first entrance / choice...
Should you have any questions regarding PCI or how to accept online payments on your website, please don't hesitate to contact me.
No, the payment is processed through a secure connection (SSL) to the payment gateway or processor. When the customer is entering his card information on a website, the information is sent to the payment gateway or directly to the processor (e.g. Visa). The customer is receiving an answer back instantly whether the payment is approved or not.
You can as merchant only handle the card information your self, if you are PCI compliant. Most companies uses a payment gateway to avoid this PCI approval process.
The osCommerce has off all I'm aware of NOT been pen tested. But you can try to contact them about this. But if you are worried about this, you should first of all check your hosting supplier and/or your own servers. If your website/system is hacked, it’s not the shop systems there will be their first entrance / choice...
Should you have any questions regarding PCI or how to accept online payments on your website, please don't hesitate to contact me.
Kind Regards,
Thomas Pedersen
ePay Europe
Thomas Pedersen
ePay Europe
#3
Posted 29 November 2008, 06:40
Bear in mind that SSL only protects information in transit - not once it is sitting on a server.
Also, beware of trusting tips given by someone who is promoting services, as Shrik Tom so obviouslyis was.
Also, beware of trusting tips given by someone who is promoting services, as Shrik Tom so obviously
Edited by Jan Zonjee, 29 November 2008, 08:36.
#4
-
- Community Member
- 9,557 posts
- Real Name:Leslie Cooper
- Gender:Male
- Location:Sea Lake, Victoria, Australia
Posted 29 November 2008, 07:15
WoodsWalker, on Nov 29 2008, 05:40 PM, said:
Bear in mind that SSL only protects information in transit - not once it is sitting on a server.
Also, beware of trusting tips given by someone who is promoting services, as Shrik Tom so obviously is.
Also, beware of trusting tips given by someone who is promoting services, as Shrik Tom so obviously is.
The Coopco Underwear Shop
If you live to be 100 years of age, that means you have lived for 36,525 days. Don't waste another, there aren't many left.
