clevelandweb Posted January 17, 2008 Share Posted January 17, 2008 Hey Everyone, Basically, I would like to have the customer type in their Credit Card # and Exp. Date and have that information sent to me along with the order. I understand I will need SSL to secure the site. I have a credit card terminal here and would like to run the customer's credit card # manually when I receive the order. Is there a reliable contribution for this? Thanks for your help everyone! PS: I heard something about PGP? Will I need this? Thanks again. -M Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted January 18, 2008 Share Posted January 18, 2008 Hey Everyone, Basically, I would like to have the customer type in their Credit Card # and Exp. Date and have that information sent to me along with the order. I understand I will need SSL to secure the site. I have a credit card terminal here and would like to run the customer's credit card # manually when I receive the order. Is there a reliable contribution for this? Thanks for your help everyone! PS: I heard something about PGP? Will I need this? Thanks again. -M Hi, You can not collect and store cc info online unless you are PCI compliant. But there are options, you have some online services which store the info for you and you can then aquire it and use it in your terminal. If you absolutely dont want to process the cc info in real time through a payment gateway and/or you do not have a dedicated server which is set-up to be PCI compliant...then you can avail yourself of one of the services which offer PCI compliant cc storage on your behalf. Using on of those the customers cc info will be stored on the services servers during checkout, you will then be able to loginto your account at the chosen service and access the cc info to process it on your terminal. (But before doing this you should check your merchant account agreement to see if you are alowed to run sales from online venues through your terminal) Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
awhitedesigns Posted January 31, 2008 Share Posted January 31, 2008 Basically I need to go with a gateway. Is there a gateway that doesn't process the card but lets you do it with your own terminal?? Quote Link to comment Share on other sites More sharing options...
dynamoeffects Posted January 31, 2008 Share Posted January 31, 2008 Not that I'm aware of. Is your real concern not charging the card until the order is shipped? Quote Please use the forums for support! I am happy to help you here, but I am unable to offer free technical support over instant messenger or e-mail. Link to comment Share on other sites More sharing options...
awhitedesigns Posted February 4, 2008 Share Posted February 4, 2008 Not that I'm aware of. Is your real concern not charging the card until the order is shipped? Yes this is my main concern... Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted February 4, 2008 Share Posted February 4, 2008 Then you can choose a payment gateway which enables you to pre-authorize the charges upon order, then upon shipping you can loginto the payment gateway admin and activate the cc charge. Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
awhitedesigns Posted February 4, 2008 Share Posted February 4, 2008 Do you know of any like this?? Quote Link to comment Share on other sites More sharing options...
The_ancient Posted February 4, 2008 Share Posted February 4, 2008 Do you know of any like this?? All of them do this, it is a standard practice you will have to modify the modules though, as almost every module on osC is set for "capture" you need to change that to "authorize" Quote Link to comment Share on other sites More sharing options...
The_ancient Posted February 4, 2008 Share Posted February 4, 2008 Hi, You can not collect and store cc info online unless you are PCI compliant. that is not true, PCI is currently voluntary, (I think it should be mandatory) but as of the end of 2007 visa only reported 65% of its merchants has being PCI compliant Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted February 4, 2008 Share Posted February 4, 2008 Direct quote about PCI Compliance: By the end of 2007, any organization that accepts payment card transactions must be in compliance with the standards. And before someone starts to go into the the transaction levels, it does not mather if you do 1 or 10.000 in regards to being required to be PCI compliant or not. The transaction volum only mathers in regards to if you are required to do the regular PCI security scannings or not. Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
mel77 Posted February 7, 2008 Share Posted February 7, 2008 Basically, I would like to have the customer type in their Credit Card # and Exp. Date and have that information sent to me along with the order. I understand I will need SSL to secure the site. I have a credit card terminal here and would like to run the customer's credit card # manually when I receive the order. Why not enable the credit card payment module already in oscommerce? Make sure you enter you email address where it says, "split credit card e-mail address". Then you will have the customers name, first 4 numbers and last 4 numbers of the card and expiry date saved with the order on line. The middle 8 numbers will be emailed to you and not saved on line. You don't have to have ssl for this to work. Only thing is users may not buy if they don't see the padlock on the bottom of the browser. Simple Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted February 7, 2008 Share Posted February 7, 2008 Why not enable the credit card payment module already in oscommerce? Make sure you enter you email address where it says, "split credit card e-mail address". Then you will have the customers name, first 4 numbers and last 4 numbers of the card and expiry date saved with the order on line. The middle 8 numbers will be emailed to you and not saved on line. You don't have to have ssl for this to work. Only thing is users may not buy if they don't see the padlock on the bottom of the browser. Simple The absolutely worst advice so far. Doing this opens you up for sever lawsuits and fines. Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
mel77 Posted February 7, 2008 Share Posted February 7, 2008 Excuse my ignorance - I dont understand- so if you dont mind explaining to me, if the credit card number is not saved on the server, why is there a problem? Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted February 7, 2008 Share Posted February 7, 2008 (edited) Excuse my ignorance - I dont understand- so if you dont mind explaining to me, if the credit card number is not saved on the server, why is there a problem? 1. Never take cc information unless you are on SSL , all info inputed/transmitted over non-ssl connections can easily be "snapped-up" 2. Storing half the number in the db and half by email is still not secure , and it does not comply by the PCI rules by itself. If you are not PCI compliant you are not alowed to store cc info in the db, and you can not circumvent that by just splitting it between db and email eighter. If you wish to store cc info you need to be PCI compliant. If not then you need to use a PCI compliant cc storage service or an instant payment gateway for your shop. Edited February 7, 2008 by toyicebear Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
spiritalan Posted February 9, 2008 Share Posted February 9, 2008 1. Never take cc information unless you are on SSL , all info inputed/transmitted over non-ssl connections can easily be "snapped-up" 2. Storing half the number in the db and half by email is still not secure , and it does not comply by the PCI rules by itself. If you are not PCI compliant you are not alowed to store cc info in the db, and you can not circumvent that by just splitting it between db and email eighter. If you wish to store cc info you need to be PCI compliant. If not then you need to use a PCI compliant cc storage service or an instant payment gateway for your shop. Hello, When you mentioned using an instant payment gateway, would using PayPal's Website Payments Pro fall into this category? What about the contribution for Authorize.net? Thanks. Quote Production:osCommerce V. 2.3.4BSVPS Box Link to comment Share on other sites More sharing options...
♥toyicebear Posted February 9, 2008 Share Posted February 9, 2008 Hello, When you mentioned using an instant payment gateway, would using PayPal's Website Payments Pro fall into this category? What about the contribution for Authorize.net? Thanks. PayPal Pro PayPal PayFlow Authorize.Net Linkpoint are all examples of payment gateways + there are many more available out there too... Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
swebber11 Posted February 10, 2008 Share Posted February 10, 2008 Hello, When you mentioned using an instant payment gateway, would using PayPal's Website Payments Pro fall into this category? What about the contribution for Authorize.net? Thanks. Authorize.net is already installed. You probably want to choose the SIM module, stands for simple integration method, basically a customer will be transfered to Auth.net to complete their transaction. Quote Link to comment Share on other sites More sharing options...
spiritalan Posted February 10, 2008 Share Posted February 10, 2008 Thank you for your answers. Now I would like to be a little more specific in my inquiry. If I use PayPal Website Payments Pro and accept credit card infomation on my site, rather than using express checkout, is the credit card information stored on my server? Also if I use the Advance Authorized.net contribution and take cc info on my site is this info stored on my server? Thanks Quote Production:osCommerce V. 2.3.4BSVPS Box Link to comment Share on other sites More sharing options...
♥toyicebear Posted February 11, 2008 Share Posted February 11, 2008 Thank you for your answers. Now I would like to be a little more specific in my inquiry. If I use PayPal Website Payments Pro and accept credit card infomation on my site, rather than using express checkout, is the credit card information stored on my server? Also if I use the Advance Authorized.net contribution and take cc info on my site is this info stored on my server? Thanks No,it is not stored on your server. Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
IridiumCorp Posted February 12, 2008 Share Posted February 12, 2008 There seems to be some confusion about PCI compliance and card details storage so I shall clarify. Being a payment gateway you can take this as the definitive answer. A card merchant is any merchant who uses any device, be it instore, online, or over the phone. Every merchant who receives, transmits, or stores or all of the before mentioned MUST be PCI compliant. PCI compliance is a set of rules that governs how a merchant handles card details and if any merchant who takes card, regardless of the medium, has a security breach ( ie you have been having details emailed to you from you website and your computer gets stolen and the thief sells on the card details ) you are liable to be fined as a merchant - bank - whatever for each card record stolen. So you can trade without being PCI compliant but if you get caught out you could face fines, being card scheme black listed, being personally black listed or all. Clevelandweb, Transactions originating over the web MUST be flagged as internet transactions. There is no other way to do it than through a gateway. If you take your card details from a website and process them manually through your terminal these are the following violations you are carrying out. 1. In proper transaction flagging. 2. Numerous PCI violations. 3. In proper MCC coding. 4. 3D Secure avoidance 5. Processing a card holder present transaction without giving a receipt at the point of transaction. There are more but you get the point. Anyone of these is serious enough to have your merchant account yanked by the bank if they find out. Now if you have a terminal you already have a merchant account. Getting that extended to take internet payments is as easy as a phone call. If your acquiring bank tries to charge you setup fees tell them no. I can set you up an IMA for nothing if they persist. Once you have an IMA register it with a gateway. Tie your website into the gateway. Get yourself PCI compliant. Its easy and can be done in a couple of hours if you use a service like : Scan Alert Its 149 USD per year and is an invaluable exercise to go through. It makes sure you are trading safe. It makes sure if something goes wrong that you are protected from card scheme retribution. Hope that clears this up once and for all. IRC Quote Link to comment Share on other sites More sharing options...
num007 Posted February 15, 2008 Share Posted February 15, 2008 So I don't know ,Why Osc have to have " Credit Card Payment Modules" Becuz when we open this Payment Modules, How can I get money from my client, Pls tell me Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted February 21, 2008 Share Posted February 21, 2008 So I don't know ,Why Osc have to have " Credit Card Payment Modules"Becuz when we open this Payment Modules, How can I get money from my client, Pls tell me That module is just for testing. You will need to use a payment processor to accept payments. You can get your own merchant account and a sutible payment gateway or you can sign up with a 3 party all in one processor like PayPal Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.