Jump to content



Photo
- - - - -

Storing credit card details for offline processing


This topic has been archived. This means that you cannot reply to this topic.
8 replies to this topic

#1   Sam G

Sam G
  • Members
  • 93 posts

Posted 27 September 2008 - 19:45

A customer of mine that I am developing an osC store for wants to take credit card details off their customers to process offline later on their merchant terminal as 'customer not present'.

Is it OK for them to do this? I'm thinking it's not...

I did suggest initally using PayPal but they don't want to.

#2   web-project

web-project
  • Members
  • 4,320 posts

Posted 27 September 2008 - 21:36

you can store the cc number only in encrypt way.
Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!
8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.
Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues.
Any issues with oscommerce, I am here to help you.

#3   Vger

Vger
  • Members
  • 16,978 posts

Posted 28 September 2008 - 13:12

You cannot store the number on a shared server, encrypted or not. If anyone gained access to the admin panel then they'd have access to the cc details in an unencrypted format.

You also cannot use an EPOS terminal for processing orders taken online. That would violate the agreement with the company supplying the EPOS terminal, which is only to be used for offline "cardholder present" transactions.

I realise why they want to use their EPOS terminal - like many site owners they are being cheapskates, don't care about the security of their customers' card details, and just want to avoid having to get an Internet Merchant ID and/or paying another company's fees to process online card transactions.

Tough!!

Vger

A customer of mine that I am developing an osC store for wants to take credit card details off their customers to process offline later on their merchant terminal as 'customer not present'.

Is it OK for them to do this? I'm thinking it's not...

I did suggest initally using PayPal but they don't want to.



#4   Sam G

Sam G
  • Members
  • 93 posts

Posted 29 September 2008 - 10:54

I thought as much, Rhea. Thanks for clarifying this for me!

#5   awhitedesigns

awhitedesigns
  • Members
  • 52 posts

Posted 08 October 2008 - 19:33

Now is this UK only rules? Cause in America you can process the credit card with out the customer being there if you have a merchant account with the bank. Its called mail in orders.

#6   BryceJr

BryceJr
  • Members
  • 1,464 posts

Posted 08 October 2008 - 20:51

Now is this UK only rules? Cause in America you can process the credit card with out the customer being there if you have a merchant account with the bank. Its called mail in orders.

Vger is referring to e-commerce online transactions.

The medium, in which payment is sent, is different for mail in orders and e-commerce but the
principle or concept of safeguarding customer's private data is the same.

You need to know your legal obligation(state/federal) and your contractual obligation(visa, mastercard, merchant account, etc) when processing payment by mail and/or through the internet.

#7   awhitedesigns

awhitedesigns
  • Members
  • 52 posts

Posted 15 October 2008 - 16:31

Well then how could you process your own credit cards with out using a payment gateway? Like is there a safe way of some type of email to you?

Now i use virtual cart, and i login and use the credit and process it with my own software on my computer. I would like to do the same but safely with oscommerce?
I also have a merchant bank account.

Edited by awhitedesigns, 15 October 2008 - 16:34.


#8   toyicebear

toyicebear
  • Community Sponsor
  • 6,408 posts

Posted 16 October 2008 - 02:51

Well then how could you process your own credit cards with out using a payment gateway? Like is there a safe way of some type of email to you?

Now i use virtual cart, and i login and use the credit and process it with my own software on my computer. I would like to do the same but safely with oscommerce?
I also have a merchant bank account.



Read this...

#9   awhitedesigns

awhitedesigns
  • Members
  • 52 posts

Posted 16 October 2008 - 04:13

Thank you