cannuck1964

Member Since 15 Sep 2002
Offline Last Active Nov 25 2011, 16:27
-----

Posts I've Made

In Topic: Saving Credit Card info Dilemma

10 October 2011, 15:52

Quote

ok, let me rephrase my statement.

There is NO ECONOMICAL way to accept credit card information electronically for manual processing use. Contact your merchant service provider and they will tell you what you really need to know. I have spent hours and hours and hours working with a PCI DSS compliance firm in Ontario and in the end, the client decided not to pursue the matter because of the extreme costs involved. (estimated 7500-10000 dollars)

Depends on what you consider economical. Will there be costs? Of course there are. Try and set up a business without costs.
I too have spent hundreds of hours bringing clients into PCI conformity; there are many different aspects to it and each has its own requirements. The PCI survey will generally tell you what you need to do.




Quote

*** Hiring a full time inventory clerk is cheaper than becoming PCI DSS Compliant. ........lol

Well, let's see: clerk at min wage of say $10/hr x 40 hrs = $400 x 52 = 20,800

PCI all costs incurred say $10 K.



Quote

A private hosting/dedicated server is not enough in itself, there are a lot of other additional security hops to jump through. There are no short-cuts or "cheap" ways....it will cost a bundle.

True, but then there should not be for firms wanting to store this information. If they cannot afford to do so, then they should look at alternatives.

I am pretty sure there are methods to extract and use QuickBooks as the inventory management (export / import features). In terms of the online sales having issues with the inventory, generally inventory and sales can be tracked and averaged.

So that if on average the in store sells X items per day, and inventory takes X days to replenish, then you know how many you can safely sell online. So when inventory drops to a specific level, then it is either taken off of online sales, or is listed with a disclaimer of late shipping.

In 99% of the transactions this will work just fine, and if you have a margin of error built in, then you will not have any major issues.

A CRON running daily (or more often) would ensure that inventory levels are always in sync.

cheers

In Topic: Saving Credit Card info Dilemma

30 September 2011, 16:56

Quote

There is no PCI DSS compliant way of processing the credit card information collected from an online source for manual application ESPECIALLY if the client is in Ontario.

Not true.

The PCI standards only increase when you save credit card data. What cannot be saved (and may create issues) is the CVV code.

Saving the CC number, cardholder name, etc. can be done in a safe manner, but this means a higher standard for the web site to adhere to; for example, the CC info must be encrypted, cannot use a shared server, must limit who has access to the data, etc.

The compliance survey will give a better indication of what the standards needed are.

When saved, you would generally send an authorize request to the CC processor, and then at a later date capture the payment (maybe having to make total adjustments).

cheers

In Topic: My Web Design Company

30 September 2011, 16:50

Quote

You do not have to show any copyright info "in plain view" on the shop/catalog side, but in admin it should show. You cannot remove the copyright inside the code files themselves.


Change the word "should" to "must".

This is part of the released conditions.

If you are open to your customers, on what you are using, what you are doing, generally if you provide the services, you will not be sued...

cheers and good luck in your endeavours...

In Topic: Is it illegal to resell osCommerce?

22 August 2011, 16:01

DunWeb, on 22 August 2011, 15:04, said:

Arana,


If you have submitted your 'ideas' under GPL on this forum, then anyone can use and redistribute the scripts. To clarify, people who 'sell' osCommerce aren't actually selling the GPL software, they are selling their time it took to integrate all of the contributions into a functioning cart.

Chris

The seller need not make any changes and can still sell osC. If I found someone willing to pay me, I could sell them the cart without making any changes at any time. The GPL allows anyone to sell the software as is, renamed to a new name (without changes) or anything else. What you cannot do is change the licensing, encrypt the logic or remove any of the copyrights.

cheers

Peter

In Topic: CVV?

04 August 2011, 14:44

Quote

So is it still considered 'storing' the information if it's in two separate pieces in two different places?

Yes, this also leaves you open to liability issues, and if the credit card companies find out, they can remove your credit card processing entirely from your business (and sue you for any losses they incurred).


Quote

Most osc sites are not PCI compliant and thus you must not store cc info on your site.

The CVV is never to be stored; it is used and discarded. Even PCI does not allow for the saving of this value.

cheers