Posted 17 April 2010 - 04:29 PM
Posted 17 April 2010 - 07:30 PM
Most osc sites are not PCI compliant and thus you must not store cc info on your site.
You have to use 3rd party ard processors such as paypal/protx.
So take this as a No, no ,no and no and no to any other question. :-)
Virus Threat Scanner
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Basic design info.
For links mentioned in old answers that are no longer here follow this link Useful Threads.
If this post was useful, click the Like This button over there ======>>>>>.
Posted 18 April 2010 - 12:07 AM
I guess the question still is . . which cvv addon would you suggest, even if not PCI compliant?
I plan to use gunpal as soon as a module for it becomes available for osc, as paypal's TOS is very restrictive.
Posted 04 August 2011 - 02:44 PM
Yes, this also leaves you open to liability issues, and if the credit card companies find out, they can remove your credit card processing entirely from your business (and sue you for any losses they incurred).
The CVV is never to be stored, it is used and discarded, even PCI does not allow for the saving of this value..
See my Profile (click here) for more information and to contact me for professional osCommerce support that includes SEO development, custom development and security implementation
Posted 07 August 2011 - 02:37 PM
But if you have a MOTO system approved to allow you to charge card not present credit card payments received it is NOT ALLOWED to require you to enter the CVV.
It may still ask for it but it won't require it. If it does then contact Visa and the merchant account provider will be in more hot water than a lobster at the local seafood restaurant.
The issue is the CVV must NEVER NEVER NEVER be written down, recorded or stored in any way, shape or form, either temporarily or permanently, either in part (truncated) or in whole, either encrypted or not.
Therefore, if your merchant account provider is expecting you to have the CVV to enter it from a card not present payment made to you, simply ask them how do they propose you have the CVV in your possession to enter it? There will be a long pause then the penny will drop for the guy/girl you are talking to because that will mean they are forcing you to capture, write down or temporarily store the CVV - in short they are forcing you to act illegally under PCI which means not only you could be hit with a massive fine but you and they could both lose the right to handle the Visa card product (and other card brands too).
I've been using e-Path (http://e-path.com.au) for a while now because I like processing the cards myself offline and I don't have to worry about PCI.
Not sure if this info is helpful but I thought I'd clear things up anyway.
Posted 07 August 2011 - 11:17 PM
e-Path Website said:
Edited by HappyPappy, 07 August 2011 - 11:20 PM.
Posted 07 August 2011 - 11:49 PM
See my Profile (click here)
Posted 08 August 2011 - 12:30 AM
Here is my reply ... http://forums.oscommerce.com/topic/374988-credit-card-module/page__view__findpost__p__1596452