Jump to content
Sign in to follow this  
groundswell

Payment Module for taking credit card orders?

Recommended Posts

My client that I am doing an install for has a service that she uses that is not online. She needs a module that takes the credit card information and sends it to her in an email or some kind of system that keeps this information in the osCommerce admin side. Has anyone run into this before? I cannot find a solution.

 

Thanks for your help!

Share this post


Link to post
Share on other sites

the standard oscommerce credit card module does that.

 

However it is not secure!!

 

I suggest reading throught this thread: http://forums.oscommerce.com/index.php?showtopic=261326 which discussed the problems with doing what you propose then getting back to your client and explaining that she needs to think about a different solution.

 

Tom

Share this post


Link to post
Share on other sites

I'm interested in the same setup but I'd like to log ip's and require security codes. I've spoken to my bank and they tell me that the issues with storage only become a problem once I've run the credit card info.

 

They tell me that when a customer places an order, once I run the info threw my terminal, I have to delete the credit card info as we are not setup for credit card info storage.

 

As long as I'm deleting it after we process, they say I'm complaint.

Edited by kdogg

Share this post


Link to post
Share on other sites
As long as I'm deleting it after we process, they say I'm complaint.

 

True and false. If you are a level 4 merchant, you aren't required to do jack squat to protect your customer's card data. However, if your insecure storage procedures lead to someone intercepting those numbers, you instantly get bumped up to a level 1 merchant with the likes of Amazon.com where you can expect to spend thousands a month for a level 1 PCI compliant server configuration, plus audits and fines.

 

On the other hand, a $10/month payment gateway completely removes all liability from you. Doesn't seem like a tough choice.


Please use the forums for support! I am happy to help you here, but I am unable to offer free technical support over instant messenger or e-mail.

Share this post


Link to post
Share on other sites
True and false. If you are a level 4 merchant, you aren't required to do jack squat to protect your customer's card data. However, if your insecure storage procedures lead to someone intercepting those numbers, you instantly get bumped up to a level 1 merchant with the likes of Amazon.com where you can expect to spend thousands a month for a level 1 PCI compliant server configuration, plus audits and fines.

 

On the other hand, a $10/month payment gateway completely removes all liability from you. Doesn't seem like a tough choice.

 

Problem is, its not $10 dollars a month.

 

Sounds good until you call them and actually try to sign up then find out they charge a percent for each transaction a monthly feel a per transaction fee etc.

 

By the time I give my bank there cut and the payment gateway there cut, I'm paying 4% or so.

 

My bank offers what they offer for people who DON'T want to have to deal with a gateway etc.

Edited by kdogg

Share this post


Link to post
Share on other sites

There are 2 contributions, one to remove the credit card info and one the CVV number, install them both, once the card is processed then remove the CC and CVV info from the database.

 

There will be 2 buttons to do that on the order page.

 

On a side note make sure you have strong passwords for the admin page and the database, also don't store the order emails on the server, store them on your PC. If your host has weak security on there email servers a hacker can get the first/last 4 of the CC and the CVV numbers from the email, then use a generator to find the rest of the numbers.


Installed Contributions: CCGV, Close Popup, Dynamic Meta Tags, Easy Populate, Froogle Data Feeder, Google Position, Infobox Header Entire Row, Live Support for OSC, PayPal Seal with CC images, Report_m Sales, Shop by Price Revised, SQL Updater, Who's Online Enhancement, Footer, GNA EP Assistant and still going.

Share this post


Link to post
Share on other sites

Using the cc module, are the credit card numbers stored in a file even if the order is deleted? If so, where? I just want to make sure this never becomes an issue at my store with testing.

Share this post


Link to post
Share on other sites

You don't need to delete the order, just install the contributions to remove the cc and cvv numbers and you should be ok.


Installed Contributions: CCGV, Close Popup, Dynamic Meta Tags, Easy Populate, Froogle Data Feeder, Google Position, Infobox Header Entire Row, Live Support for OSC, PayPal Seal with CC images, Report_m Sales, Shop by Price Revised, SQL Updater, Who's Online Enhancement, Footer, GNA EP Assistant and still going.

Share this post


Link to post
Share on other sites
You don't need to delete the order, just install the contributions to remove the cc and cvv numbers and you should be ok.

 

Where do I find these contributions to remove the cc and cvv numbers?

Share this post


Link to post
Share on other sites

i created below and as you can see its been stable for a while and used for at least 2 large PCI grade 3 companies. anyone with any other ideas sugestions or fixes can try it/add too it. :thumbsup:

 

HTH

 

Si.

 

http://addons.oscommerce.com/info/71/v,22

Edited by scranmer

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×