A customer of mine that I am developing an osC store for wants to take credit card details off their customers to process offline later on their merchant terminal as 'customer not present'.
Is it OK for them to do this? I'm thinking it's not...
I did suggest initally using PayPal but they don't want to.
Latest News: (loading..)
0
8 replies to this topic
#2
Posted 27 September 2008, 21:36
you can store the cc number only in encrypt way.
Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!
8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.
Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues.
Any issues with oscommerce, I am here to help you.
8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.
Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues.
Any issues with oscommerce, I am here to help you.
#3
Posted 28 September 2008, 13:12
You cannot store the number on a shared server, encrypted or not. If anyone gained access to the admin panel then they'd have access to the cc details in an unencrypted format.
You also cannot use an EPOS terminal for processing orders taken online. That would violate the agreement with the company supplying the EPOS terminal, which is only to be used for offline "cardholder present" transactions.
I realise why they want to use their EPOS terminal - like many site owners they are being cheapskates, don't care about the security of their customers' card details, and just want to avoid having to get an Internet Merchant ID and/or paying another company's fees to process online card transactions.
Tough!!
Vger
You also cannot use an EPOS terminal for processing orders taken online. That would violate the agreement with the company supplying the EPOS terminal, which is only to be used for offline "cardholder present" transactions.
I realise why they want to use their EPOS terminal - like many site owners they are being cheapskates, don't care about the security of their customers' card details, and just want to avoid having to get an Internet Merchant ID and/or paying another company's fees to process online card transactions.
Tough!!
Vger
Sam G, on Sep 27 2008, 08:45 PM, said:
A customer of mine that I am developing an osC store for wants to take credit card details off their customers to process offline later on their merchant terminal as 'customer not present'.
Is it OK for them to do this? I'm thinking it's not...
I did suggest initally using PayPal but they don't want to.
Is it OK for them to do this? I'm thinking it's not...
I did suggest initally using PayPal but they don't want to.
#6
Posted 08 October 2008, 20:51
awhitedesigns, on Oct 8 2008, 08:33 PM, said:
Now is this UK only rules? Cause in America you can process the credit card with out the customer being there if you have a merchant account with the bank. Its called mail in orders.
The medium, in which payment is sent, is different for mail in orders and e-commerce but the
principle or concept of safeguarding customer's private data is the same.
You need to know your legal obligation(state/federal) and your contractual obligation(visa, mastercard, merchant account, etc) when processing payment by mail and/or through the internet.
#7
Posted 15 October 2008, 16:31
Well then how could you process your own credit cards with out using a payment gateway? Like is there a safe way of some type of email to you?
Now i use virtual cart, and i login and use the credit and process it with my own software on my computer. I would like to do the same but safely with oscommerce?
I also have a merchant bank account.
Now i use virtual cart, and i login and use the credit and process it with my own software on my computer. I would like to do the same but safely with oscommerce?
I also have a merchant bank account.
Edited by awhitedesigns, 15 October 2008, 16:34.
#8
Posted 16 October 2008, 02:51
awhitedesigns, on Oct 15 2008, 04:31 PM, said:
Well then how could you process your own credit cards with out using a payment gateway? Like is there a safe way of some type of email to you?
Now i use virtual cart, and i login and use the credit and process it with my own software on my computer. I would like to do the same but safely with oscommerce?
I also have a merchant bank account.
Now i use virtual cart, and i login and use the credit and process it with my own software on my computer. I would like to do the same but safely with oscommerce?
I also have a merchant bank account.
Read this...
Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce
Check out my profile [click here] for information on professional services, custom coding, templates, SEO optimization, modifications, commercial support and help.
Check out my profile [click here] for information on professional services, custom coding, templates, SEO optimization, modifications, commercial support and help.
