How to accept Credit Cards without PayPal or Payment Gateway

[clevelandweb 0]

Hey Everyone,

 

Basically, I would like to have the customer type in their Credit Card # and Exp. Date and have that information sent to me along with the order. I understand I will need SSL to secure the site. I have a credit card terminal here and would like to run the customer's credit card # manually when I receive the order.

 

Is there a reliable contribution for this? Thanks for your help everyone!

 

PS: I heard something about PGP? Will I need this? Thanks again.

 

-M

[♥toyicebear 206]

Hey Everyone,

 

Basically, I would like to have the customer type in their Credit Card # and Exp. Date and have that information sent to me along with the order. I understand I will need SSL to secure the site. I have a credit card terminal here and would like to run the customer's credit card # manually when I receive the order.

 

Is there a reliable contribution for this? Thanks for your help everyone!

 

PS: I heard something about PGP? Will I need this? Thanks again.

 

-M

 

Hi,

 

You can not collect and store cc info online unless you are PCI compliant.

 

But there are options, you have some online services which store the info for you and you can then aquire it and use it in your terminal.

 

If you absolutely dont want to process the cc info in real time through a payment gateway and/or you do not have a dedicated server which is set-up to be PCI compliant...then you can avail yourself of one of the services which offer PCI compliant cc storage on your behalf.

 

Using on of those the customers cc info will be stored on the services servers during checkout, you will then be able to loginto your account at the chosen service and access the cc info to process it on your terminal.

 

(But before doing this you should check your merchant account agreement to see if you are alowed to run sales from online venues through your terminal)

[awhitedesigns 0]

Basically I need to go with a gateway. Is there a gateway that doesn't process the card but lets you do it with your own terminal??

[dynamoeffects 3]

Not that I'm aware of. Is your real concern not charging the card until the order is shipped?

[awhitedesigns 0]

Not that I'm aware of. Is your real concern not charging the card until the order is shipped?

 

 

Yes this is my main concern...

[♥toyicebear 206]

Then you can choose a payment gateway which enables you to pre-authorize the charges upon order, then upon shipping you can loginto the payment gateway admin and activate the cc charge.

[awhitedesigns 0]

Do you know of any like this??

[The_ancient 0]

Do you know of any like this??

 

All of them do this, it is a standard practice

 

you will have to modify the modules though, as almost every module on osC is set for "capture" you need to change that to "authorize"

[The_ancient 0]

Hi,

 

You can not collect and store cc info online unless you are PCI compliant.

 

that is not true, PCI is currently voluntary, (I think it should be mandatory) but as of the end of 2007 visa only reported 65% of its merchants has being PCI compliant

[♥toyicebear 206]

Direct quote about PCI Compliance:

By the end of 2007, any organization that accepts payment card transactions must be in compliance with the standards.

 

And before someone starts to go into the the transaction levels, it does not mather if you do 1 or 10.000 in regards to being required to be PCI compliant or not.

 

The transaction volum only mathers in regards to if you are required to do the regular PCI security scannings or not.

[mel77 0]

Basically, I would like to have the customer type in their Credit Card # and Exp. Date and have that information sent to me along with the order. I understand I will need SSL to secure the site. I have a credit card terminal here and would like to run the customer's credit card # manually when I receive the order.

 

Why not enable the credit card payment module already in oscommerce?

 

Make sure you enter you email address where it says, "split credit card e-mail address".

 

Then you will have the customers name, first 4 numbers and last 4 numbers of the card and expiry date saved with the order on line.

 

The middle 8 numbers will be emailed to you and not saved on line.

 

You don't have to have ssl for this to work. Only thing is users may not buy if they don't see the padlock on the bottom of the browser.

 

Simple

[♥toyicebear 206]

Why not enable the credit card payment module already in oscommerce?

 

Make sure you enter you email address where it says, "split credit card e-mail address".

 

Then you will have the customers name, first 4 numbers and last 4 numbers of the card and expiry date saved with the order on line.

 

The middle 8 numbers will be emailed to you and not saved on line.

 

You don't have to have ssl for this to work. Only thing is users may not buy if they don't see the padlock on the bottom of the browser.

 

Simple

 

 

The absolutely worst advice so far. Doing this opens you up for sever lawsuits and fines.

[mel77 0]

Excuse my ignorance - I dont understand- so if you dont mind explaining to me, if the credit card number is not saved on the server, why is there a problem?

[♥toyicebear 206]

Excuse my ignorance - I dont understand- so if you dont mind explaining to me, if the credit card number is not saved on the server, why is there a problem?

 

 

 

1. Never take cc information unless you are on SSL , all info inputed/transmitted over non-ssl connections can easily be "snapped-up"

 

2. Storing half the number in the db and half by email is still not secure , and it does not comply by the PCI rules by itself.

 

 

If you are not PCI compliant you are not alowed to store cc info in the db, and you can not circumvent that by just splitting it between db and email eighter.

 

If you wish to store cc info you need to be PCI compliant.

 

If not then you need to use a PCI compliant cc storage service or an instant payment gateway for your shop.

Edited February 7, 2008 by toyicebear

[spiritalan 3]

1. Never take cc information unless you are on SSL , all info inputed/transmitted over non-ssl connections can easily be "snapped-up"

 

2. Storing half the number in the db and half by email is still not secure , and it does not comply by the PCI rules by itself.

If you are not PCI compliant you are not alowed to store cc info in the db, and you can not circumvent that by just splitting it between db and email eighter.

 

If you wish to store cc info you need to be PCI compliant.

 

If not then you need to use a PCI compliant cc storage service or an instant payment gateway for your shop.

 

Hello,

 

When you mentioned using an instant payment gateway, would using PayPal's Website Payments Pro fall into this category?

 

What about the contribution for Authorize.net?

Thanks.

[♥toyicebear 206]

Hello,

 

When you mentioned using an instant payment gateway, would using PayPal's Website Payments Pro fall into this category?

 

What about the contribution for Authorize.net?

Thanks.

 

 

PayPal Pro

PayPal PayFlow

Authorize.Net

Linkpoint

 

are all examples of payment gateways

 

+ there are many more available out there too...

[swebber11 0]

Hello,

 

When you mentioned using an instant payment gateway, would using PayPal's Website Payments Pro fall into this category?

 

What about the contribution for Authorize.net?

Thanks.

 

Authorize.net is already installed. You probably want to choose the SIM module, stands for simple integration method, basically a customer will be transfered to Auth.net to complete their transaction.

[spiritalan 3]

Thank you for your answers. Now I would like to be a little more specific in my inquiry.

 

If I use PayPal Website Payments Pro and accept credit card infomation on my site, rather than using express checkout, is the credit card information stored on my server?

 

Also if I use the Advance Authorized.net contribution and take cc info on my site is this info stored on my server?

 

Thanks

[♥toyicebear 206]

Thank you for your answers. Now I would like to be a little more specific in my inquiry.

 

If I use PayPal Website Payments Pro and accept credit card infomation on my site, rather than using express checkout, is the credit card information stored on my server?

 

Also if I use the Advance Authorized.net contribution and take cc info on my site is this info stored on my server?

 

Thanks

 

 

No,it is not stored on your server.

[IridiumCorp 0]

There seems to be some confusion about PCI compliance and card details storage so I shall clarify. Being a payment gateway you can take this as the definitive answer.

 

A card merchant is any merchant who uses any device, be it instore, online, or over the phone. Every merchant who receives, transmits, or stores or all of the before mentioned MUST be PCI compliant. PCI compliance is a set of rules that governs how a merchant handles card details and if any merchant who takes card, regardless of the medium, has a security breach ( ie you have been having details emailed to you from you website and your computer gets stolen and the thief sells on the card details ) you are liable to be fined as a merchant - bank - whatever for each card record stolen.

 

So you can trade without being PCI compliant but if you get caught out you could face fines, being card scheme black listed, being personally black listed or all.

 

Clevelandweb,

 

Transactions originating over the web MUST be flagged as internet transactions. There is no other way to do it than through a gateway. If you take your card details from a website and process them manually through your terminal these are the following violations you are carrying out.

 

1. In proper transaction flagging.

2. Numerous PCI violations.

3. In proper MCC coding.

4. 3D Secure avoidance

5. Processing a card holder present transaction without giving a receipt at the point of transaction.

 

There are more but you get the point. Anyone of these is serious enough to have your merchant account yanked by the bank if they find out.

 

Now if you have a terminal you already have a merchant account. Getting that extended to take internet payments is as easy as a phone call. If your acquiring bank tries to charge you setup fees tell them no. I can set you up an IMA for nothing if they persist.

 

Once you have an IMA register it with a gateway. Tie your website into the gateway. Get yourself PCI compliant. Its easy and can be done in a couple of hours if you use a service like :

 

Scan Alert

 

Its 149 USD per year and is an invaluable exercise to go through. It makes sure you are trading safe. It makes sure if something goes wrong that you are protected from card scheme retribution.

 

Hope that clears this up once and for all.

 

IRC

[num007 0]

So I don't know ,Why Osc have to have " Credit Card Payment Modules"

Becuz when we open this Payment Modules, How can I get money from my client,

Pls tell me

[♥toyicebear 206]

So I don't know ,Why Osc have to have " Credit Card Payment Modules"

Becuz when we open this Payment Modules, How can I get money from my client,

Pls tell me

 

 

That module is just for testing.

 

You will need to use a payment processor to accept payments.

 

You can get your own merchant account and a sutible payment gateway or you can sign up with a 3 party all in one processor like PayPal