groundswell Posted September 15, 2007 Share Posted September 15, 2007 My client that I am doing an install for has a service that she uses that is not online. She needs a module that takes the credit card information and sends it to her in an email or some kind of system that keeps this information in the osCommerce admin side. Has anyone run into this before? I cannot find a solution. Thanks for your help! Quote Link to comment Share on other sites More sharing options...
Guest Posted September 16, 2007 Share Posted September 16, 2007 the standard oscommerce credit card module does that. However it is not secure!! I suggest reading throught this thread: http://www.oscommerce.com/forums/index.php?showtopic=261326 which discussed the problems with doing what you propose then getting back to your client and explaining that she needs to think about a different solution. Tom Quote Link to comment Share on other sites More sharing options...
kdogg Posted September 18, 2007 Share Posted September 18, 2007 (edited) I'm interested in the same setup but I'd like to log ip's and require security codes. I've spoken to my bank and they tell me that the issues with storage only become a problem once I've run the credit card info. They tell me that when a customer places an order, once I run the info threw my terminal, I have to delete the credit card info as we are not setup for credit card info storage. As long as I'm deleting it after we process, they say I'm complaint. Edited September 18, 2007 by kdogg Quote Link to comment Share on other sites More sharing options...
dynamoeffects Posted September 18, 2007 Share Posted September 18, 2007 As long as I'm deleting it after we process, they say I'm complaint. True and false. If you are a level 4 merchant, you aren't required to do jack squat to protect your customer's card data. However, if your insecure storage procedures lead to someone intercepting those numbers, you instantly get bumped up to a level 1 merchant with the likes of Amazon.com where you can expect to spend thousands a month for a level 1 PCI compliant server configuration, plus audits and fines. On the other hand, a $10/month payment gateway completely removes all liability from you. Doesn't seem like a tough choice. Quote Please use the forums for support! I am happy to help you here, but I am unable to offer free technical support over instant messenger or e-mail. Link to comment Share on other sites More sharing options...
kdogg Posted September 25, 2007 Share Posted September 25, 2007 (edited) True and false. If you are a level 4 merchant, you aren't required to do jack squat to protect your customer's card data. However, if your insecure storage procedures lead to someone intercepting those numbers, you instantly get bumped up to a level 1 merchant with the likes of Amazon.com where you can expect to spend thousands a month for a level 1 PCI compliant server configuration, plus audits and fines. On the other hand, a $10/month payment gateway completely removes all liability from you. Doesn't seem like a tough choice. Problem is, its not $10 dollars a month. Sounds good until you call them and actually try to sign up then find out they charge a percent for each transaction a monthly feel a per transaction fee etc. By the time I give my bank there cut and the payment gateway there cut, I'm paying 4% or so. My bank offers what they offer for people who DON'T want to have to deal with a gateway etc. Edited September 25, 2007 by kdogg Quote Link to comment Share on other sites More sharing options...
bobg7 Posted September 25, 2007 Share Posted September 25, 2007 There are 2 contributions, one to remove the credit card info and one the CVV number, install them both, once the card is processed then remove the CC and CVV info from the database. There will be 2 buttons to do that on the order page. On a side note make sure you have strong passwords for the admin page and the database, also don't store the order emails on the server, store them on your PC. If your host has weak security on there email servers a hacker can get the first/last 4 of the CC and the CVV numbers from the email, then use a generator to find the rest of the numbers. Quote Installed Contributions: CCGV, Close Popup, Dynamic Meta Tags, Easy Populate, Froogle Data Feeder, Google Position, Infobox Header Entire Row, Live Support for OSC, PayPal Seal with CC images, Report_m Sales, Shop by Price Revised, SQL Updater, Who's Online Enhancement, Footer, GNA EP Assistant and still going. Link to comment Share on other sites More sharing options...
sbottom2 Posted September 26, 2007 Share Posted September 26, 2007 Using the cc module, are the credit card numbers stored in a file even if the order is deleted? If so, where? I just want to make sure this never becomes an issue at my store with testing. Quote Link to comment Share on other sites More sharing options...
bobg7 Posted September 26, 2007 Share Posted September 26, 2007 You don't need to delete the order, just install the contributions to remove the cc and cvv numbers and you should be ok. Quote Installed Contributions: CCGV, Close Popup, Dynamic Meta Tags, Easy Populate, Froogle Data Feeder, Google Position, Infobox Header Entire Row, Live Support for OSC, PayPal Seal with CC images, Report_m Sales, Shop by Price Revised, SQL Updater, Who's Online Enhancement, Footer, GNA EP Assistant and still going. Link to comment Share on other sites More sharing options...
kbking Posted September 26, 2007 Share Posted September 26, 2007 You don't need to delete the order, just install the contributions to remove the cc and cvv numbers and you should be ok. Where do I find these contributions to remove the cc and cvv numbers? Quote Link to comment Share on other sites More sharing options...
kbking Posted September 26, 2007 Share Posted September 26, 2007 Where do I find these contributions to remove the cc and cvv numbers? Sorry, should have searched better. I used this one here. Quote Link to comment Share on other sites More sharing options...
scranmer Posted October 3, 2007 Share Posted October 3, 2007 (edited) i created below and as you can see its been stable for a while and used for at least 2 large PCI grade 3 companies. anyone with any other ideas sugestions or fixes can try it/add too it. :thumbsup: HTH Si. http://addons.oscommerce.com/info/71/v,22 Edited October 3, 2007 by scranmer Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted October 3, 2007 Share Posted October 3, 2007 PCI Information - important for all who are considering manually collecting and processing credit card payments. Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.