About cconlin

  • Birthday 06/25/1970

Profile Information

  • Real Name
  • Gender
  • Location
    United States
  • Interests
    skiing, scuba diving, nature & wildlife
  1. cconlin

    Paypal Website Payments Pro vs. Standard, PCI DSS

    Thank you both for your input. I will use a system that includes PCI compliance so I don't have to deal with it. It's now between Paypal Standard, Authorize.net, and Beanstream. When I called the support number to chat with Paypal, I was on hold for 20 minutes and never got to talk to anyone. When I called Beanstream, someone actually answered and knew what they were talking about. No transferring me to someone else. It's service like that that will ultimately help my decision. Is there anything I should know about? Like a bad experience with any of these providers? Thanks again to all.
  2. Hi there, I'm trying to figure out Paypal options for a client. The Paypal website states that credit card data security is taken care of by Paypal with Website Payments Standard, but that we need to manage security if we use Website Payments Pro. Does that make sense to anyone? Any suggestions - or has anyone had experience with one or the other? The reason I'll use an online merchant company to process credit card payments is so that they handle all the PCI DSS compliance and such. With Payments Pro I can have my own design on the checkout pages, and it's kept on my site. With Standard, I think we are stuck with the ugly yellow Paypal buttons. I want seamless design integration, but PCI DSS is more important. Does anyone have experience managing PCI DSS on Paypal Payments Pro? Is it *partially* taken care of by Paypal? Also - is there an add-on that will work with OSC 2.3? All the ones I found (and all posts) seem to be 2.2 or RCA. Thank you! Cindy
  3. cconlin

    Offline Payments?

    Thank you so much, Chris. It's hard to believe any company would be PCI DSS compliant if they had to pay that much. I imagine they all just process the cards online immediately so they don't have to deal with it. Either that or the merchant companies that store credit card info are so large that PCI DSS compliance costs are just part of doing business for them. Thank you for your time and suggestions. I will need to verify my client's publisher's data security standards and make sure they are compliant before we use their system. Otherwise my client (and I) would be liable. The publisher has told me before that they manually enter the credit card charges that my client sends them, so I assume they have BOTH an onsite (card present) merchant account AND an online processing company for their own shopping cart system. If they accept info online via their own cart and also enter numbers manually, that would be the only compliant solution. And they would still need to be PCI DSS compliant because they store numbers in order to enter them manually. I sure hope they are!!! Thanks again, your help has made a HUGE difference to me! Cindy
  4. cconlin

    Offline Payments?

    Thanks again Chris. I wish I could make it that simple. One thing I didn't mention - since the publisher processes credit card payments and receives the funds, the publisher then pays my client based on products sold. She did not want to change that arrangement. If we were to process payments on her new site, she would have to pay her publisher to fill the orders, which would be a deal-breaker. So I will need to sign up with a processing company that offers a "don't process payment now" option - so she can process the payment offline. But that would mean storing the cc numbers as she currently does, and then we'd have to be PCI Compliant, correct? If the processing company is PCI DSS compliant and I verify that the publisher is also PCI compliant, is that enough to continue her current method and meet PCI standards? Thanks for listing your steps. I installed 2.3.1 and am adding features needed. I've got products_extra_fields (thanks to Gergely Toth!!) working properly, more than 400 products uploaded (about 1/4 have photos), and design comps are now in revision. My stumbling blocks for functionality are [credit cards/payment], and the shipping module [table rate-based on order total, but I need to customize it further to allow choice of UPS Ground, UPS air, USPS, FedEx ground, FedEx air, etc..., each with unique table rates]. I'm hoping to have the functionality ready to show my client, but these two things (with the offline cc processing and 5-6 custom shipping tables) are holding me back.
  5. cconlin

    Offline Payments?

    Thank you so much, Chris. I definitely want to do it right! Whatever I do will be PCI DSS compliant - for everyone's sake. I was hoping Security Metrics would check the new site's payment processing/storing, etc., to be sure it complies. So let me see if I understand all the points:

    1. Even though we are not PROCESSING the credit cards, because we are collecting the info, we need to sign up with an online processing company such as Authorize.net, Paypal, (at whatever that cost is) to be compliant. Most of what I've seen from these companies is a %-based fee based on the total charged. If my client processes offline, then they are effectively paying double fees or commission (once with the online processing company, once through their own manual merchant account). Can you recommend any payment processing companies that would be better suited to my client's usage (processing offline at a later time)?
    2. We need to have and pay for a dedicated SSL (unless it is part of the payment processing company's fee)
    3. Do we also need to be certified by Security Metrics or another compliance agency? Or, is it enough to make sure I use SSL and a reputable processing company that is PCI DSS compliant, such as Linkpoint or Paypal or other? My client says it costs her about $100 a year for the Security Metrics seal. This might be a package deal through the hosted shopping cart system, so I don't want to all of a sudden be in for $1699 to check the site!
    4. What is a typical cost for setting up the payment processing and security (is it roughly $100-$200 or much more)? I think she pays about $30/month for her hosted cart, plus Security Metrics (~$100+) and Verisign (?). We wanted a more robust system to suit her store (more product fields, better able to design our own site). Have I unleashed a monster in terms of cost now? (yikes!)

    I am worried how to get everything in order - I'll check for other forum posts that outline steps for how to add payment processing correctly.
Thank you so much for your expertise. I want to create a secure and compliant site. I am afraid I'm in over my head (either that or I am overthinking)! Is it as daunting as I think, or is it really just a matter of signing up with Authorize.net or Beanstream? Thanks again! Cindy
  6. cconlin

    Offline Payments?

    Hi Chris, Thank you for your help! My client also has Security Metrics, which runs scans and is supposed to ensure her site is secure. I think because she has an account with them, her current site must be compliant. Although, I probably have to look into it further using her account login at Security Metrics to make sure an SAQ was filled out... So, regarding Verisign, is that an unnecessary expense? If it's not a payment gateway and does not guarantee PCI DSS compliance, then it isn't doing anything for her. I thought that was the payment gateway or processor. Is Security Metrics an online payment processing company? I just can't tell - I believe they offer it but I'm not sure if it's included in their Quarterly Site Certification. Obviously I need to look into this more. I don't want my client to pay for Security Metrics and Verisign, and then tell her she needs to also pay a payment gateway or payment processor. My client's publisher (the company that fulfills the orders) processes credit card payments manually. I don't see anything on their site about PCI DSS compliance, even when I go to view my shopping cart. They do have SSL, but I don't see any credential-like certificates or even mention of PCI compliance or security. If my client passes info to her pub to charge credit cards, is THAT against the law ... and/or is that going to get either my client or me into trouble? Sorry for all the questions - I am just spinning around all the issues and have been for about a month. I feel like I get further from implementation every day! There's an option to "just use their shopping cart" but then we aren't compliant if they aren't - ugh! Thanks again for helping! Cindy
  7. cconlin

    Offline Payments?

    Hi, I am a newbie to osc (and ecommerce). I am so confused now and don't know what to do. I have read all about PCI compliance. My client currently uses Verisign to collect credit card info (including CVV) and process cc offline. Her current website is set up through a hosted shopping cart system, and I'm creating a new system for her using OSC. If my client already has a subscription to Verisign and uses SSL, can I integrate Verisign into my osc as a payment method (module??) and collect the info for her to process offline? Verisign is compliant and uses secure servers, so would I be following the rules or breaking them if I tried to continue this way? Sorry I'm not eloquent - I thought I understood the PCI compliance but I can't figure out how to do payment modules for osc without actually processing the credit cards live and without a merchant account. My client actually uses a 3rd-party to process payments. For example: my client gets an order, records customer information for her records (but not credit card info), passes the order to her distributor. The distributor then processes the payment, fulfills the order, and handles shipping. The distributor is then the one who has the payment gateway or merchant account (I may be confusing the two)... As long as we collect the data using SSL and Verisign, will we (my client and myself as developer) be OK? And, then ... HOW do I integrate Verisign into osc? I can't find any info on Verisign in any of the forums or contributions. I am so confused!!! Thanks so much for any help you can give me. I'm feeling rather overwhelmed by it all now. Cindy
  8. Hi there, I have several shipping tables based on order total. I can't figure out how to implement multiple shipping tables. I found plenty of posts related to multi-vendor shipping, or USPS interface, but none using shipping tables for various methods. My shipping tables with set prices are separated in this way:

     • USPS Priority Mail - inside US
     • UPS Ground - inside US (uses the same shipping table as USPS Priority)
     • FedEx 2nd Day - inside US
     • FedEx Overnight - inside US
     • USPS Canada - inside Canada
     • USPS Airmail - anywhere

     They all have shipping tables based on price, not weight. I tried to set up Zones - but that only works using item weight. I don't have an account with USPS to use that module (plus I think it's based on weight). I don't interface with the shippers (UPS, FedEx, USPS) - I am developing the site/store. All I want is to provide customers several shipping options based on price, (zone/country), and shipping method (FedEx/UPS/USPS etc.). Is it possible to allow the customer to choose which method they want? I think it's a hybrid of Shipping Tables and Zones ... but I can't find how or where to set up separate shipping tables. Any help would be greatly appreciated!!! Thanks~ Cindy
  9. I believe you need to install Easy Populate first, and the extra product fields will install after that. Easy Populate was really easy to install, but it has certain fields and that's it. I suggest you install Easy Populate, then go see how it works. Your xls or csv file headers need to match what they put in their directions (for EP). It will tell you to download (export) the sample products and take a look at how the export file is set up, then try re-uploading that. If that works, your Easy Populate is installed correctly. If you have fields that don't match theirs ... it doesn't work like you want it to, hence the extra fields add on. If you do get Easy Populate installed and working, write again before going on to extra fields add-on. I've been working on it and asking the contributor lots of questions about code not matching (some of the instructions refer to legacy code from OSC version prior to 2.3.1, so it just doesn't exist). I'll point you in the right direction if I haven't already uploaded the new install files/instructions from the contributor (and if he says it's OK - not sure how that works).
  10. I did get past that step. I never had Product Extra Fields installed first. I have a new install of OSC 2.3.1, and I installed Easy Populate on top of that. This is the third step in my process. One thing I do know: if you already have Product Extra Fields installed (of some version), the update instructions are different than new install instructions. Do you already have Product Extra Fields installed and are you trying to upgrade from an earlier version?
  11. Hi, I'm new here. Thanks for any help you can give. I am installing Extra Product Fields 2.31 version by member wdepot. Running osCommerce 2.3. I am at Step 6, and cannot find the snippet of code to replace. I don't know what to do! Please forgive me if I included too much code below. I haven't found any similar problem in the forums...

      Here are the instructions:

      6) In catalog/includes/modules/product_listing.php

      Find the section of code that reads as follows:

        case 'PRODUCT_LIST_NAME':
          $lc_align = '';
          if (isset($HTTP_GET_VARS['manufacturers_id'])) {
            $lc_text = '<a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'manufacturers_id=' . $HTTP_GET_VARS['manufacturers_id'] . '&products_id=' . $listing['products_id']) . '">' . $listing['products_name'] . '</a>';
          } else {
            $lc_text = ' <a href="' . tep_href_link(FILENAME_PRODUCT_INFO, ($cPath ? 'cPath=' . $cPath . '&' : '') . 'products_id=' . $listing['products_id']) . '">' . $listing['products_name'] . '</a> ';
          }
          break;

      I don't have that code exactly. The code I have for product_listing.php is below. I don't know if I have crossed versions or ... ? I don't know how to proceed. Please let me know if I did something incorrect - I'm mid-install and stuck stuck!!

        <?php
        /*
          $Id$

          osCommerce, Open Source E-Commerce Solutions
          http://www.oscommerce.com

          Copyright © 2010 osCommerce

          Released under the GNU General Public License
        */

          $listing_split = new splitPageResults($listing_sql, MAX_DISPLAY_SEARCH_RESULTS, 'p.products_id');
        ?>

          <div class="contentText">

        <?php
          if ( ($listing_split->number_of_rows > 0) && ( (PREV_NEXT_BAR_LOCATION == '1') || (PREV_NEXT_BAR_LOCATION == '3') ) ) {
        ?>

            <div>
              <span style="float: right;"><?php echo TEXT_RESULT_PAGE . ' ' . $listing_split->display_links(MAX_DISPLAY_PAGE_LINKS, tep_get_all_get_params(array('page', 'info', 'x', 'y'))); ?></span>

              <span><?php echo $listing_split->display_count(TEXT_DISPLAY_NUMBER_OF_PRODUCTS); ?></span>
            </div>

            <br />

        <?php
          }

          $prod_list_contents = '<div class="ui-widget infoBoxContainer">' .
                                ' <div class="ui-widget-header ui-corner-top infoBoxHeading">' .
                                ' <table border="0" width="100%" cellspacing="0" cellpadding="2" class="productListingHeader">' .
                                ' <tr>';

          for ($col=0, $n=sizeof($column_list); $col<$n; $col++) {
            $lc_align = '';

            switch ($column_list[$col]) {
              case 'PRODUCT_LIST_MODEL':
                $lc_text = TABLE_HEADING_MODEL;
                $lc_align = '';
                break;
              case 'PRODUCT_LIST_NAME':
                $lc_text = TABLE_HEADING_PRODUCTS;
                $lc_align = '';
                break;
              case 'PRODUCT_LIST_MANUFACTURER':
                $lc_text = TABLE_HEADING_MANUFACTURER;
                $lc_align = '';
                break;
              case 'PRODUCT_LIST_PRICE':
                $lc_text = TABLE_HEADING_PRICE;
                $lc_align = 'right';
                break;
              case 'PRODUCT_LIST_QUANTITY':
                $lc_text = TABLE_HEADING_QUANTITY;
                $lc_align = 'right';
                break;
              case 'PRODUCT_LIST_WEIGHT':
                $lc_text = TABLE_HEADING_WEIGHT;
                $lc_align = 'right';
                break;
              case 'PRODUCT_LIST_IMAGE':
                $lc_text = TABLE_HEADING_IMAGE;
                $lc_align = 'center';
                break;
              case 'PRODUCT_LIST_BUY_NOW':
                $lc_text = TABLE_HEADING_BUY_NOW;
                $lc_align = 'center';
                break;
            }

            if ( ($column_list[$col] != 'PRODUCT_LIST_BUY_NOW') && ($column_list[$col] != 'PRODUCT_LIST_IMAGE') ) {
              $lc_text = tep_create_sort_heading($HTTP_GET_VARS['sort'], $col+1, $lc_text);
            }

            $prod_list_contents .= ' <td' . (tep_not_null($lc_align) ? ' align="' . $lc_align . '"' : '') . '>' . $lc_text . '</td>';
          }

          $prod_list_contents .= ' </tr>' .
                                 ' </table>' .
                                 ' </div>';

          if ($listing_split->number_of_rows > 0) {
            $rows = 0;
            $listing_query = tep_db_query($listing_split->sql_query);

            $prod_list_contents .= ' <div class="ui-widget-content ui-corner-bottom productListTable">' .
                                   ' <table border="0" width="100%" cellspacing="0" cellpadding="2" class="productListingData">';

            while ($listing = tep_db_fetch_array($listing_query)) {
              $rows++;

              $prod_list_contents .= ' <tr>';

              for ($col=0, $n=sizeof($column_list); $col<$n; $col++) {
                switch ($column_list[$col]) {
                  case 'PRODUCT_LIST_MODEL':
                    $prod_list_contents .= ' <td>' . $listing['products_model'] . '</td>';
                    break;
                  case 'PRODUCT_LIST_NAME':
                    if (isset($HTTP_GET_VARS['manufacturers_id']) && tep_not_null($HTTP_GET_VARS['manufacturers_id'])) {
                      $prod_list_contents .= ' <td><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'manufacturers_id=' . $HTTP_GET_VARS['manufacturers_id'] . '&products_id=' . $listing['products_id']) . '">' . $listing['products_name'] . '</a></td>';
                    } else {
                      $prod_list_contents .= ' <td><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, ($cPath ? 'cPath=' . $cPath . '&' : '') . 'products_id=' . $listing['products_id']) . '">' . $listing['products_name'] . '</a></td>';
                    }
                    break;
                  case 'PRODUCT_LIST_MANUFACTURER':
                    $prod_list_contents .= ' <td><a href="' . tep_href_link(FILENAME_DEFAULT, 'manufacturers_id=' . $listing['manufacturers_id']) . '">' . $listing['manufacturers_name'] . '</a></td>';
                    break;
                  case 'PRODUCT_LIST_PRICE':
                    if (tep_not_null($listing['specials_new_products_price'])) {
                      $prod_list_contents .= ' <td align="right"><del>' . $currencies->display_price($listing['products_price'], tep_get_tax_rate($listing['products_tax_class_id'])) . '</del> <span class="productSpecialPrice">' . $currencies->display_price($listing['specials_new_products_price'], tep_get_tax_rate($listing['products_tax_class_id'])) . '</span></td>';
                    } else {
                      $prod_list_contents .= ' <td align="right">' . $currencies->display_price($listing['products_price'], tep_get_tax_rate($listing['products_tax_class_id'])) . '</td>';
                    }
                    break;
                  case 'PRODUCT_LIST_QUANTITY':
                    $prod_list_contents .= ' <td align="right">' . $listing['products_quantity'] . '</td>';
                    break;
                  case 'PRODUCT_LIST_WEIGHT':
                    $prod_list_contents .= ' <td align="right">' . $listing['products_weight'] . '</td>';
                    break;
                  case 'PRODUCT_LIST_IMAGE':
                    if (isset($HTTP_GET_VARS['manufacturers_id']) && tep_not_null($HTTP_GET_VARS['manufacturers_id'])) {
                      $prod_list_contents .= ' <td align="center"><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'manufacturers_id=' . $HTTP_GET_VARS['manufacturers_id'] . '&products_id=' . $listing['products_id']) . '">' . tep_image(DIR_WS_IMAGES . $listing['products_image'], $listing['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT) . '</a></td>';
                    } else {
                      $prod_list_contents .= ' <td align="center"><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, ($cPath ? 'cPath=' . $cPath . '&' : '') . 'products_id=' . $listing['products_id']) . '">' . tep_image(DIR_WS_IMAGES . $listing['products_image'], $listing['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT) . '</a></td>';
                    }
                    break;
                  case 'PRODUCT_LIST_BUY_NOW':
                    $prod_list_contents .= ' <td align="center">' . tep_draw_button(IMAGE_BUTTON_BUY_NOW, 'cart', tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now&products_id=' . $listing['products_id'])) . '</td>';
                    break;
                }
              }

              $prod_list_contents .= ' </tr>';
            }

            $prod_list_contents .= ' </table>' .
                                   ' </div>' .
                                   '</div>';

            echo $prod_list_contents;
          } else {
        ?>

            <p><?php echo TEXT_NO_PRODUCTS; ?></p>

        <?php
          }

          if ( ($listing_split->number_of_rows > 0) && ((PREV_NEXT_BAR_LOCATION == '2') || (PREV_NEXT_BAR_LOCATION == '3')) ) {
        ?>

            <br />

            <div>
              <span style="float: right;"><?php echo TEXT_RESULT_PAGE . ' ' . $listing_split->display_links(MAX_DISPLAY_PAGE_LINKS, tep_get_all_get_params(array('page', 'info', 'x', 'y'))); ?></span>

              <span><?php echo $listing_split->display_count(TEXT_DISPLAY_NUMBER_OF_PRODUCTS); ?></span>
            </div>

        <?php
          }
        ?>

          </div>

      THANK YOU!!!