Jump to content
Sign in to follow this  
IanWharton

CC module | More cards, issue number, ccv

Recommended Posts

Im astonished with the limitations of the cc module. Clients need to be able to handle more cards. Switch, solo, collect ccv, issue numbers. Not everyone needs to use thrid party payment software/companies.

 

I know there is the cc_ccv++ mod, but it is no use on MS2 or higher.

 

I cant believe there are no more options to oscommerce. In the UK switch and solo cards account for 33% of all consumer transactions.

 

 

 

 

We dont want to use any payment gateway, as the client has a pdq machine, but can someone who knows the community shed some light as to whats available?

 

Regards,

Ian Wharton

Liquideye-designs.com

Share this post


Link to post
Share on other sites

One last thing...

 

If there is no such mod, or method to the above. If the client chose Secpay ( a uk company ) is there any way to make it "seemless" as in, never leaving the oscommerce shopping cart? at the minute, on click to collect payment information, it jumps to the Secpay template.

Share this post


Link to post
Share on other sites

You can also integrate Euro-Pay.org into the site easily enough if all else fails.

 

Euro-Pay.org

 

No, I am in no way affiliated. Happened across a contribution for it a few days ago and then saw this...


Dann Out!

Share this post


Link to post
Share on other sites

Ian, As a UK based perosn myself I would love to know what you decide to do regarding credit card payments and osc.. I am just looking into who to use as I have been using paypal but i want a simpler way without a client having to sign up for paypal first which caould put people off.

 

Cheers

Edited by dapex

Share this post


Link to post
Share on other sites
Im astonished with the limitations of the cc module. Clients need to be able to handle more cards. Switch, solo, collect ccv, issue numbers. Not everyone needs to use thrid party payment software/companies.

 

I know there is the cc_ccv++ mod, but it is no use on MS2 or higher.

 

I cant believe there are no more options to oscommerce. In the UK switch and solo cards account for 33% of all consumer transactions.

 

 

 

 

We dont want to use any payment gateway, as the client has a pdq machine, but can someone who knows the community shed some light as to whats available?

 

Regards,

Ian Wharton

Liquideye-designs.com

I read that cc module is not really a module to use for live stores. It is not very secure. It is only for test purposes to get to know how other credit card modules work and expand from there.

 

That is what i am doing now, with limited knowledge I am using the cc module, but as soon as I have changed it to the way I want and see how it works, I will be definately switching, because I will know more to incorporate other things.

Share this post


Link to post
Share on other sites

Most UK stores have one input field for credit/debit cards.

some you have a dropdown list which you chose the credit/debit card type i.e visa/solo/mastercard.

Other ones you just fill in the information.

your name, card number, cc number, start/end date, isue number, and you only fill in the details needed.

Why is there no contribution that allows all type of credit/debit cards for offline transactions.

Share this post


Link to post
Share on other sites

We are all looking for is a secure and clean contribution that allows offline processing,

That has a dropdown box with the credit cards accepted (or something similar), and imput boxes for CC number, start and expiration Date and the three number check.

 

BY secure I mean encripted credit card number half in database half sent in an email, using ssl during payments processing

By clean, I mean that is a readable code that we can understand and modify

 

I dont know how to do it, but I am ready to help in whatever I can cause I am really looking for this.

Cheers

 

 

j.

Share this post


Link to post
Share on other sites

I admit it probably isnt an easy job, but neither is being a flash and motion developer. Saying that, I simply cannot create this mod by myself, otherwise I probably wouldnt be using OsCommerce in the first place.

 

I am willing to comission someone to produce this mod. Throw a fee at me.

Share this post


Link to post
Share on other sites

I guess a lot of people are wanting off line credit card processing mods, and are using the ones availble, but they dont offer the featuers needed.

Like the posts on this board allready, we all want it to accepts all credit/debit cards, we want it secure, so that no one will steal the credit card numbers, by iehter part number on site, part thru e-mail or all thru the web site in some secure easy to read manner.

I would think this would be simple by combining the modules allready availble for offline processing.

Any body from the community want to help?

Share this post


Link to post
Share on other sites

If somebody throws a list of the contribs that they want consolidated, I can start looking at this, I can't guarantee anything quickly though, probably take a couple of weeks at least. I have some customer websites and custom coding I have to take care of first, but I'll take a look. Donations are appreciated.

 

Here's what I'll need from you guys:

 

Currrent contribs/features you'd like to see (link to them so its easier for me)

List of credit cards, number of numbers on each, ccv number of digits, if any.


9 times out of 10 its a PEBCAK Error (Problem exists between chair and keyboard)

 

Replace that and you're fine...

Share this post


Link to post
Share on other sites

Hi Noel,

Thanks for this

I reckon if you take a look at the default credit card module and to cc_cvv+encryption v1.7 that would be great

Maybe someone else have any extra ideas?

thanks again

 

 

j.

Share this post


Link to post
Share on other sites

nrlatsha Thank you.

The list is long, the contributions are just the same, but it gives you a choice for easier modification and options.

The rest are just details, but you will probaly get the details from the contribs.

 

 

http://www.oscommerce.com/community/contri...ons,1754/page,2

http://www.oscommerce.com/community/contributions,88/page,3

http://www.oscommerce.com/community/contri...ons,1148/page,4

http://www.oscommerce.com/community/contributions,868/page,4

http://www.oscommerce.com/community/contributions,99/page,4

http://www.oscommerce.com/community/contri...ns,1913/page,12

http://www.oscommerce.com/community/contributions,71/page,13

 

and the below are encription methods to be turend on and off.

http://www.oscommerce.com/community/contributions,894/page,6

http://www.oscommerce.com/community/contributions,611/page,6

 

A debit card is Switch or Maestro.

The user must enter their first and second name.

The next is the card number which is 16 numbers long. i dont know the format i.e use of numbers which make it valid.

It needs to have the valid from and expires end date which is enterd 0000 for the year or some time its two drop down boxes the first with 1 to 12 for the month, then the years in two digit format i.e 02 for 2002. this must be done for the start and end date.

Then on the back is a three digit number that is the ccv number.

Some debit cards have an isua number but i havent seen them for ages on my cards or so much on web sites any more so i think they are stopping it.

 

the Visa credit card needs to have the first and second name, account number which is 16 numbers long

Then you need the start/end date and the three digit ccv number on the back.

 

I dont know about mastercard.

 

Options:

Maybe to have a choice of how the numbers are stored i.e to have the part of the number encripted and the rest of the number sent via e-mail.

or some other secure method.

 

I dont know how it will be done for security becuase if you deleate the credit card number, then the user wants a return then you will still need the number to make a refund.

Maybe just have part of the number sent via e-mail and the other part show up on the site, with the last 4 or six digits as an *.

or keep the credit card details on site, encripted but have the site show them when the admin request it in normal format, then after x days set by the admin the card number is deleated.

Any body else got requests or corrections for my comments?

Share this post


Link to post
Share on other sites

A member of OsCommerce private messaged me regarding how to best secure the credit card module. I will post my reply here:

 

I was able to get my credit card module to work flawlessly. Security is of the utmost importance. If you use the credit card module, you should make every effort to reduce the possibility that your site gets hacked. If you do all of the following, I think your site will be very secure and you will have a great credit card module.

 

While I have little programming knowledge, I have tested many contributions and found that certain contributions work with no detectible bugs which I have listed below. Keep in mind that there are hundreds of sloppy contributions out there and that more recent versions may be worse than prior versions as newer versions might be written by someone other than the original writer who is either careless or doesn?t know what they are doing. I am therefore providing you with good version numbers.

 

All contributions listed below will work on OsCommerce 2.2 Milestone 2 July 12, 2003 release.

 

1) Rename your admin directory to something other than admin and don't tell anyone what it is.

 

2) Add the following contribution:

Administration Access Level Accounts 2.0

Version: 2.3: 9/5/03

This will lock down your admin so that others can't get access to it. As an added layer of protection, you can also have your web host lock down that directory with a password.

 

3) Install an index.html file in all directories and subdirectories except for the catalog directory and the admin subdirectory. This should take less than 15 minutes to do using a good FTP program. The html should be an automatic link back to your catalog index page without a delay. The code is short and simple. This will reduce the possibility of people hacking into your software by typing in a known subdirectory by name and viewing your files.

 

4) Install the following contribution:

EZ" Secure Order & Customer Viewing for osCommerce

Version: July 18, 04

This contribution will encrypt the data for customer information and order information so that it can't be intercepted while being transferred from your server to your computer. The developers of OsCommerce failed to secure the admin side of OsCommerce with encryption even though they made the effort to encrypt important information on the customer side. This contribution addresses this. Everything other than the order and customer information is not encrypted. Using this contribution is a much better choice than changing your OsCommerce settings to secure the entire admin as it will not give you script errors when uploading pictures and it will not give you secured and unsecured information notices. Also, this contribution works with admin_23 so that your admin login now becomes secure which is very important. Why encrypt the order and customer if you don't encrypt the password to get into the admin in the first place? This real simple contribution does all of this and is an ABSOLUTE MUST if you are going to use the credit card module.

 

5) Install the following contribution:

CVV for cc.php

version: CVV1.24. Jan 8, 04

This will add CVV's to your credit card module, with a button that will delete the CVV from the customer database after you charge the card. This is an absolute requirement to comply with any merchant account as you may not keep CVV numbers on record. As an added bonus, this module includes an awesome help feature for users with a very clean popup image showing exactly where they can find the CVV for all types of credit cards.

 

6) Install the following contribution:

Clear CC number from orders

version: May 7, 03

This is a great contribution that will automatically delete the credit card information from the customer account when you change the order from pending to processing or from processing to delivered. You should set the credit card module to email you half the numbers by providing your email address (preferably from an email server that is not shared with your web hosting server). Print out the email. Go into the client account, write down the remaining numbers on the printout, but don't write the CVV number. Process the card, when done, update the status in OsCommerce and the credit card number will be deleted from the database automatically. Then push the clear CVV number button and the CVV number will be erased from the database. The database will still keep the expiration date on file. Keep the printout for your records in case you have to do a chargeback. This way, your database will have virtually no credit card numbers in it (partial or whole) as you delete them as you go along but you should always maintain a paper copy in case of a future chargeback.

 

7) You might want to add credit card images to your credit card module like I did. It is very easy to do with simple html or php. Store them in your image directory. When you write the code informing the software where the little credit card images are, use the address of your secured server. By doing this, the credit card images will be displayed in the payment module and the customer will not see a secured unsecured warning.

 

8) If your merchant account sends a confirmation with the last four or first 4 numbers via email, you will need to reverse the order in the programming so that OsCommerce emails you the first and last 4 and keeps the middle in the database. I explained how to do this in one of my posts under the name secretuser.

 

There is no absolute security, but I think this is pretty good. If you decide to follow these instruction, you do so at your own risk.

Share this post


Link to post
Share on other sites

One more thing, I sell only in the United States. I do not know anything about Switch and Solo cards and this is the first time I have heard about them.

 

In the United States, everyone pays by either MasterCard, VISA, American Express, or Discover card. All card companies work together to keep them nearly identical for processing purposes so all you need is name, card number, expiration date, and CVV.

 

In the United States it doesn't matter whether you have a debit card or a credit card. VISA and MasterCard work the exact same way for debit VISA or credit VISA.

 

I find it puzzling why the UK took a different approach for debit cards by creating an entirely different system when it would have been much easier for everyone if it was incorporated with the credit card business.

Share this post


Link to post
Share on other sites

In the above details contribution at number 6 "Clear CC number from orders"

Would it make a differance if when an order is set to complete or void that it automaticly deleates all credit card details after x amount of days.

x amount being set by the admin to allow for processing and charge back.

set the x to 1 or 3 days over your return products deadline.

 

I did notice it said it keeps the expiration date to allow for chargebacks but how does that help?

Share this post


Link to post
Share on other sites

Can we finish this up, I have followed most of the instruction from secret user and it seems to be working ok.

Only I replaced CVV for cc.php for cc_cvv+encryption v1.7, because has some sort of encrytption (weak but something)

How about you guys?

Are you all satisfied with this,

 

 

j.

Share this post


Link to post
Share on other sites

I am not familiar with the other CVV, but if it works for you, that is great.

 

I have just added another contribution today that I think you should give serious consideration to. The name of the contribution is:

 

Order IP Recorder v1.0

 

This is a very good contribution because what it does is it records the IP address of every order that is made in your store and includes it in the OsCommerce administration section for that order.

 

Why have this. Will, if you are manually processing credit cards (which you are based on this topic thread), you need to know where your customer is placing an order. Sometimes an order might look legitimate when it is really a fraud. For instance, you might have an order with a PO Box in New York, name, phone number, and valid credit card information. Everything looks great until you do a quick check on the IP address and find that the order was placed in Nigeria.

 

To check the IP address, you go to an IP checking website like:

 

http://www.geobytes.com/IpLocator.htm

 

which gives you lots of information or

 

http://www.webmaster-toolkit.com/ip-address-locator.shtml

 

which just gives you the country

 

There is another contribution that does this automatically to a certain extent called MaxMind, but I have not used it as I am concerned about sending bits of credit card numbers to a third unknown party and the disclosures I might have to make on my site for using MaxMind. I decided it is just as easy to check the order IP myself.

 

The contribution has 2 install text files, use the one inside the folder as it is dated 8/30/04 when you select properties and the contribution was fixed so that the checkout confirmation page tells the user the IP has been recorded.

 

There is one very outdated section of instructions for installing on OsCommerce 2.2 Milestone 2, the July 2003 edition.

 

Under step 4, it says to find the following in catalog/checkout_confirmation.php:

 

<td align="right"><?php echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER); ?></td>

</tr>

 

This code is no longer there. Instead look for:

 

echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . '</form>' . "\n";

?>

 

Insert the new text on the line below the ?> and you will be fine.

Share this post


Link to post
Share on other sites
There is another contribution that does this automatically to a certain extent called MaxMind, but I have not used it as I am concerned about sending bits of credit card numbers to a third unknown party and the disclosures I might have to make on my site for using MaxMind. I decided it is just as easy to check the order IP myself.

MaxMind is a good contrib! You only send the first 6 of the card number, which correlates to the bank ID.... And theres a heap of other info in there as well. Check it out. Plus the guy who wrote it is awesome!

 

MaxMind


9 times out of 10 its a PEBCAK Error (Problem exists between chair and keyboard)

 

Replace that and you're fine...

Share this post


Link to post
Share on other sites
MaxMind is a good contrib! You only send the first 6 of the card number, which correlates to the bank ID.... And theres a heap of other info in there as well.  Check it out. Plus the guy who wrote it is awesome!

 

MaxMind

I suspect you are the cool person that wrote the MaxMind contribution :D. It was through your forum I learned how important it was to obtain the IP of the buyer. One of your contribution users had a purchase for a U.S. delivery but the IP was from Vietnam. In spite of this, his merchant account fraud protection approved the charge even though it clearly deserves further inquiry.

 

I myself am interested in your contribution. Right now my sales are slow, so I will manually check the IP addresses. If sales pick up, I will seriously consider your fine contribution. I know it is very popular among those that accept credit cards directly and should be given a serious consideration for adding it for those that process many credit card numbers.

Share this post


Link to post
Share on other sites
MaxMind is a good contrib! You only send the first 6 of the card number, which correlates to the bank ID.... And theres a heap of other info in there as well.? Check it out. Plus the guy who wrote it is awesome!

 

MaxMind

I suspect you are the cool person that wrote the MaxMind contribution :D. It was through your forum I learned how important it was to obtain the IP of the buyer. One of your contribution users had a purchase for a U.S. delivery but the IP was from Vietnam. In spite of this, his merchant account fraud protection approved the charge even though it clearly deserves further inquiry.

 

I myself am interested in your contribution. Right now my sales are slow, so I will manually check the IP addresses. If sales pick up, I will seriously consider your fine contribution. I know it is very popular among those that accept credit cards directly and should be given a serious consideration for adding it for those that process many credit card numbers.

Word.

 

Your instincts serve you well... I wrote that one out of need and "coolness"

 

Credit cards issuing companies screw the merchants, no if's, and's, or but's about it. Every little thing you can do to try to get a leg up, is worth it. And the service is free from MaxMind. <plug>You can check out all their stuff here: Maxmind Those are the guys that do the geoIP stuff for the user tracking contrib. They have alot of other very cool stuff on their site as well. I don't have too much of a need for some, but its still cool. </plug>


9 times out of 10 its a PEBCAK Error (Problem exists between chair and keyboard)

 

Replace that and you're fine...

Share this post


Link to post
Share on other sites

Hi there :'( ,

 

I am trying to install cc_cvv+encryption contribution but it`s require some mysql knowledge which I (of course) don`t have.

 

I have no idea how to implement the sql lines (see below) nor what its mean. As you may notice I am a mysql dummy. My hostingprovider won`t help me how to implement it or they don`t know how... Can you please help me how to implement it?? I got Phpmyadmin to edit the database but don`t know how to use it. If I select the table "Orders" in my database and click Properties in the Action field. I see some kind of list with CC_type, CC_owner and CC_expires. And from there I have no clou what to do..... Please help me :(

 

 

ALTER TABLE orders ADD cc_start varchar(4) default NULL AFTER cc_expires,

ADD cc_issue varchar(3) default NULL AFTER cc_start,

ADD cc_cvv varchar(4) default NULL AFTER cc_issue;

 

ALTER TABLE `orders` CHANGE `cc_number` `cc_number` VARCHAR( 64 ) DEFAULT NULL

 

DROP TABLE IF EXISTS card_blacklist;

CREATE TABLE card_blacklist (

blacklist_id int(5) NOT NULL auto_increment,

blacklist_card_number varchar(20) NOT NULL default '',

date_added datetime default NULL,

last_modified datetime default NULL,

KEY blacklist_id (blacklist_id)

) TYPE=MyISAM;

Share this post


Link to post
Share on other sites

not to worry,

Go to phpmyadmin and select the database where you have oscomemerce installed, then clcik on SQL and then simply paste the instructions there:

 

ALTER TABLE orders ADD cc_start varchar(4) default NULL AFTER cc_expires,

ADD cc_issue varchar(3) default NULL AFTER cc_start,

ADD cc_cvv varchar(4) default NULL AFTER cc_issue;

 

ALTER TABLE `orders` CHANGE `cc_number` `cc_number` VARCHAR( 64 ) DEFAULT NULL;

 

DROP TABLE IF EXISTS card_blacklist;

CREATE TABLE card_blacklist (

blacklist_id int(5) NOT NULL auto_increment,

blacklist_card_number varchar(20) NOT NULL default '',

date_added datetime default NULL,

last_modified datetime default NULL,

KEY blacklist_id (blacklist_id)

) TYPE=MyISAM;

 

note: I added a semicolon after the second paragrahp or it wont work.

Once you pasted the queries, click go.

 

that s it

 

 

j.

Share this post


Link to post
Share on other sites

Before you paste that into your PHP program, you should make a backup first.

 

To do this, do the following:

 

1) Open the appropriate database.

2) Select the Export tab (third tab over)

3) Select data and structure

4) Click select all

5) Check the box for add drop table

6) Check the box for complete inserts

7) Check the box for enclose table and field names with backquotes

8) Check save as file and check zipped

9) Click go

10) Select save and pick a location on your hard drive

Share this post


Link to post
Share on other sites

Okay, have added the above script so that I can have a CVV field, but I don't see it when I check out...

 

did I do something wrong?!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×