luis_hac Posted March 5, 2008 Share Posted March 5, 2008 I need some help, I currently process credit cards on my local terminal (manually) for my OFF-line Customers. Now that I'm making an online shop I'll like to be able to process my Credit Cards the same way, without having to go to Paypal or the like. I know that OS commerce by default can store the Credit Card number without encryptions (or transposing) the number, which I assume is very insecure. Does any one have a suggestion on how to solve my problem ?? All I want is a Payment Module that will store the CC# in a safer way, (eje. CC# 1234-1234-1234-1234 stored like CC# 1245-1234-1234-1234, CC# first 4 digits plus 13 or something like that) Thanks Quote Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted March 5, 2008 Share Posted March 5, 2008 Check the implications of doing this. You need to follow all sorts of "new" rules if you want to store cc details. As a rule of thumb, only the very big and very secure do this now. Quote Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
Psilocybeing Posted March 6, 2008 Share Posted March 6, 2008 (edited) I need some help, I currently process credit cards on my local terminal (manually) for my OFF-line Customers. Now that I'm making an online shop I'll like to be able to process my Credit Cards the same way, without having to go to Paypal or the like. I know that OS commerce by default can store the Credit Card number without encryptions (or transposing) the number, which I assume is very insecure. Does any one have a suggestion on how to solve my problem ?? All I want is a Payment Module that will store the CC# in a safer way, (eje. CC# 1234-1234-1234-1234 stored like CC# 1245-1234-1234-1234, CC# first 4 digits plus 13 or something like that) Thanks If you're going to store Credit Card details, I highly recommend you read this Blog post: http://pcianswers.com/2007/05/01/encryptio...pci-compliance/ In order to be compliant with PCI standards, you MUST encrypt credit card details. Simply performing a mathematical modification to the numbers will not suffice. AES encryption is the way to go, with stringent policies on encryption keys. It's just not worth the risk of the smackdown from processors or card providers in the event of compromise. Edited March 6, 2008 by Psilocybeing Quote Link to comment Share on other sites More sharing options...
luis_hac Posted March 6, 2008 Author Share Posted March 6, 2008 I see, the reason why I'm wanting to still do the manual transaction is because some of my orders don't ship till a week later, I might have a QC problem with a product and not be able to ship it till a month later, So I don't want the customer mad at me for running his credit card before I ship the product. Any suggestions ?? Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted March 6, 2008 Share Posted March 6, 2008 Most of the payment processors gives you the option to authorize a cc payment when the customer shops in your shop and w then after you have shipped the items to the customer you can activate the withdrawal of the funds from his/hers account. Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.