
CC payment module


6 replies to this topic

#1 wahoshi

  • Community Member
  • 35 posts
  • Real Name:William Stanton

Posted 02 May 2009, 18:50

My Client has always simply gathered CC numbers from the web site and processed them herself through her bank. While osCommerce does have one cc payment module that gathers that information and splits the number, sending part of the cc# to her and allowing her to go to the site and get the rest, it is "not for production use". I have looked through the payment modules and can't seem to find one that just gathers credit card numbers with the order so my client can get them and process the orders through her bank. I found a mention of a ccpayment.php, but can't seem to find it anyplace.
Does anybody have any ideas or know of a module that might work for this without jeopardizing security, just a simple credit card payment module like the one offered that is "not for production use"?
Thank you for any help.
Regards,
Frank

#2 geoffreywalton

  • Community Sponsor
  • 7,731 posts
  • Real Name:Geoffrey Walton
  • Gender:Male
  • Location:Norfolk, UK (close to the centre of the universe)

Posted 02 May 2009, 19:13

Collecting cc info for processing off-line is not a good idea.

Read up on PCI compliance

"Non-compliant companies who maintain a relationship with one or more of the card brands, either directly or through an acquirer risk losing their ability to process credit card payments and being audited and/or fined."
Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.

For links mentioned in old answers that are no longer here follow this link Useful Threads.

If this post was useful, click the Like This button over there ======>>>>>.

#3 wahoshi

  • Community Member
  • 35 posts
  • Real Name:William Stanton

Posted 02 May 2009, 19:32

geoffreywalton, on May 2 2009, 12:13 PM, said:

Collecting cc info for processing off-line is not a good idea.

Read up on PCI compliance

"Non-compliant companies who maintain a relationship with one or more of the card brands, either directly or through an acquirer risk losing their ability to process credit card payments and being audited and/or fined."


So, you are saying that she use a gateway, rather than doing business the way she has been doing it for the last 10 years? She has a merchant account with her bank that allows her to process these cards.

#4 germ

  • Community Member
  • 13,582 posts
  • Real Name:Jim
  • Gender:Male
  • Location:USA (GMT-6)

Posted 02 May 2009, 19:46

If the site handles CC #'s it must be PCI compliant or someone's a$$ can end up in the sling...
:o
If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Headers already sent" - The definitive help

"Cannot redeclare ..." - How to find/fix it

SSL Implementation Help

Like this post? "Like" it again over there >

#5 geoffreywalton

  • Community Sponsor
  • 7,731 posts
  • Real Name:Geoffrey Walton
  • Gender:Male
  • Location:Norfolk, UK (close to the centre of the universe)

Posted 02 May 2009, 20:35

and if you are an IT consultant and let her do it/set it up for her and her site is not PCI compliant I guess she could claim off you/ your professional indemnity insurance when it all goes belly up.

#6 wahoshi

  • Community Member
  • 35 posts
  • Real Name:William Stanton

Posted 02 May 2009, 21:47

geoffreywalton, on May 2 2009, 01:35 PM, said:

and if you are an IT consultant and let her do it/set it up for her and her site is not PCI compliant I guess she could claim off you/ your professional indemnity insurance when it all goes belly up.


OK. I understand. In the old store, data was not stored on the site. It was sent directly to her via encrypted email. Is that acceptable and, if so, is there a contrib which will accomplish this?

#7 germ

  • Community Member
  • 13,582 posts
  • Real Name:Jim
  • Gender:Male
  • Location:USA (GMT-6)

Posted 02 May 2009, 21:54

Quote

It was sent directly to her via encrypted email. Is that acceptable

I'm no authority on the subject, but offhand I'd say probably not.

Email is about as secure as a screen door on a submarine, and anything that is encrypted can be unencrypted (given enough time and the right tools).

You should investigate this further (try the link I posted).