Art Clay World Posted October 22, 2008 Share Posted October 22, 2008 We have decided to implement osCommerce on our website, but we do not want to process any payments directly online. We would rather receive all order information including payment type (MC, VISA, AMEX, DISC, PayPal, Check, Money Order, etc.) and payment information. I'm sure you're going to ask why, and the reason is simple. We have an internal accounting software that we HAVE to enter all order information into and it has it's own payment gateway and virtual terminal. Since we have to enter all the information, we would rather receive only the order information and process it through the accounting software. This also allows us to modify any pricing or order totals before processing the payment. In addition, it allows other businesses that have "net terms" or that pay by check to use the shopping cart but not have to pay at the time the order is submitted. So, the question is there a module that has been created that bypasses the payment processing or is this as simple as not setting up the payment processing portion of osCommerce? Any advice or assitance is greatly appreciated! Mike Quote Link to comment Share on other sites More sharing options...
Guest Posted October 23, 2008 Share Posted October 23, 2008 We have decided to implement osCommerce on our website, but we do not want to process any payments directly online. We would rather receive all order information including payment type (MC, VISA, AMEX, DISC, PayPal, Check, Money Order, etc.) and payment information. I'm sure you're going to ask why, and the reason is simple. We have an internal accounting software that we HAVE to enter all order information into and it has it's own payment gateway and virtual terminal. Since we have to enter all the information, we would rather receive only the order information and process it through the accounting software. This also allows us to modify any pricing or order totals before processing the payment. In addition, it allows other businesses that have "net terms" or that pay by check to use the shopping cart but not have to pay at the time the order is submitted. So, the question is there a module that has been created that bypasses the payment processing or is this as simple as not setting up the payment processing portion of osCommerce? Any advice or assitance is greatly appreciated! Mike Bump as I'm after the same thing Quote Link to comment Share on other sites More sharing options...
FRCBobby Posted October 28, 2008 Share Posted October 28, 2008 I would like this info to, osmeone has to know. Quote Link to comment Share on other sites More sharing options...
Art Clay World Posted October 30, 2008 Author Share Posted October 30, 2008 So far no luck :( I'm really hoping someone out there can help, as I can see that this may be a common question! Quote Link to comment Share on other sites More sharing options...
ppworks Posted October 30, 2008 Share Posted October 30, 2008 Anyone on just collecting the customers cc number for processing after/when items are shipped. Sometimes prices change... Quote Link to comment Share on other sites More sharing options...
Guest Posted October 30, 2008 Share Posted October 30, 2008 If you wish to store any CC info your server must be PCI compliant - read this post for more information about it. You will also need permission from your acquiring bank to process "e-commerce" transactions as a "CNP" (card holder not present) order - many do not permit this. If you are going to do what you propose you would also prevent cardholders from using 3D-Secure (Verified by Visa / Mastercard Securecode) which would normally remove the liability in the case of fraud from your business. If your concern is that the order value may change at the time of shipping almost all online payment gateways allow you to process the transaction as a shadow so that the card is authorised but no money taken until you choose to "release" the payment (at which point you can change the value of the transaction). It is cheap, safer, more secure, more convienent etc in the long term to go with a direct online processing solution Quote Link to comment Share on other sites More sharing options...
acbatchelor Posted November 1, 2008 Share Posted November 1, 2008 If you want to run the credit card own your own then go to your admin and under payment modules, just select "Credit Card (not for production use)". Don't worry about the not for production use part. When someone buys something you will be emailed that you have an order and it will give you the items and price in the email. Then you can go to the admin and find the type of card, card number, expiration date, and more. Quote Link to comment Share on other sites More sharing options...
Guest Posted November 1, 2008 Share Posted November 1, 2008 and then you get sued for tens of thousands for storing CC info in a none compliant way that is open to anyone to help themselves to fraudulently. The rules are there to protect everyone - follow them Quote Link to comment Share on other sites More sharing options...
Spike_B Posted November 28, 2008 Share Posted November 28, 2008 We have decided to implement osCommerce on our website, but we do not want to process any payments directly online. So, the question is there a module that has been created that bypasses the payment processing or is this as simple as not setting up the payment processing portion of osCommerce? Any advice or assitance is greatly appreciated! Mike Hello Mike, did you have any successful replies to this post, I also need to have the customer place his order without any payment processing. We wholesale to a special customer base with individual invoicing procedures. I can't see this as being particularly unusual. This has got to be possible - why don't any of the cms shop systems seem to have this facility. regards - spike Quote Link to comment Share on other sites More sharing options...
FRCBobby Posted December 2, 2008 Share Posted December 2, 2008 Anyone?? Quote Link to comment Share on other sites More sharing options...
Art Clay World Posted December 2, 2008 Author Share Posted December 2, 2008 Hello Mike,did you have any successful replies to this post, I also need to have the customer place his order without any payment processing. We wholesale to a special customer base with individual invoicing procedures. I can't see this as being particularly unusual. This has got to be possible - why don't any of the cms shop systems seem to have this facility. regards - spike Hey Spike, Unfortunately, no I haven't had any reasonable responses. I understand everyone's concerns about security, but I don't think that they realize exactly what I'm trying to do. Although, you would figure that there are more than a few stores out there that still utilize a SSL for encrypting the data transmission. Actually, our current shopping cart splits the information so that it splits the payment information into an email with the expiration date and verification code, whereas the card number is encrypted in the database. We actually have some pretty extreme security controls. The long and short, no help yet. I'll keep everyone posted if I figure something out or get any good advice. Quote Link to comment Share on other sites More sharing options...
Guest Posted December 2, 2008 Share Posted December 2, 2008 splits the payment information into an email with the expiration date and verification code, Firstly, email is the most insecure system possible. Secondly, you are not allowed to store the verification code (CVV code) at all Thirdly, encryption is not enough to protect the credit card number. Is your site PCI compliant (dedicated db server with physical and software access restriction etc) and certified as such? If, because of complex requirements, you don't wish to charge the customer at the time the order is placed then simply use an online gateway to create a deferred transaction (i.e. a shadow transaction that authenticates the card), which can be released to the correct order value when you are ready - security issues solved! Quote Link to comment Share on other sites More sharing options...
aaronmus Posted December 3, 2008 Share Posted December 3, 2008 I would like the customer to skip payment and then he pays at my shop. I only want to receive a notice at admin that the customer has chosen that product (orders). This shouldn't be difficuilt. Any help please ? Much appreciated. Quote Link to comment Share on other sites More sharing options...
Art Clay World Posted December 4, 2008 Author Share Posted December 4, 2008 Ok, I've decided to give a better explanation... We want to use the shopping cart in a standard matter, however, when it comes to the payment processing, we DO NOT want the card to be authorized or captured. We want to do the authorization and capturing through a separate processing unit that does not have a website integration feature. We would still use and SSL and follow every other standard procedure of the shopping cart. Hopefully this explains the circumstances better. We in no way want to collect and store billing information. Quote Link to comment Share on other sites More sharing options...
mike240se Posted December 11, 2008 Share Posted December 11, 2008 I would like to do the same thing. We have a credit card terminal, and all our customers pick up their items. but we would like to be able to get their payment info online. the built in system does not work i guess? i thought the idea of storing part of the card in the DB and part sent in email would not be bad. We would delete the card info from the databsae as soon as the card was processed. if the built in system is no good for that, is there some way for us to do this? basically the requirement is to use our credit card machine. that is the only requirement. Quote Link to comment Share on other sites More sharing options...
♥zelf Posted December 11, 2008 Share Posted December 11, 2008 For everyone looking into this, you must have missed the post a few posts back stating to use the credit card processing (not for production use) module in payment options. This will store credit card information. You will not be PCI compliant, but it you will be able to store them without the card being processed online. You will see the credit card information on each order. I would suggest you at least remove the cc information daily after you are finished entering the information. Oh yeah, I would not at all advise this, but there you go. Quote Virtual Merchant a.k.a. Elavon, ViaKlix, Nova Payment Module Contribution Link to comment Share on other sites More sharing options...
mike240se Posted December 11, 2008 Share Posted December 11, 2008 For everyone looking into this, you must have missed the post a few posts back stating to use the credit card processing (not for production use) module in payment options. This will store credit card information. You will not be PCI compliant, but it you will be able to store them without the card being processed online. You will see the credit card information on each order. I would suggest you at least remove the cc information daily after you are finished entering the information. Oh yeah, I would not at all advise this, but there you go. i didnt miss it, its just that it doesnt work. i always get the error: The first four digits of the number entered are: 5231<br>If that number is correct, we do not accept that type of credit card.<br>If it is wrong, please try again. I have been using real numbers and they dont work. plus i dont know why i am getting that <br> in there. Quote Link to comment Share on other sites More sharing options...
FRCBobby Posted December 11, 2008 Share Posted December 11, 2008 I ended up getting a deletion system so that as soon as I process the card I can delete the card number and the cvv. Quote Link to comment Share on other sites More sharing options...
♥zelf Posted December 11, 2008 Share Posted December 11, 2008 The first four digits of the number entered are: 5231<br>If that number is correct, we do not accept that type of credit card.<br>If it is wrong, please try again. What version of osC are you using. Also please post your cc_validation.php class. plus i dont know why i am getting that <br> in there. The <br> is in the error string returned by cc_validation.php. This in my opinion is a flaw in the osC payment module. I have fixed this on my site by storing errors in a session variable rather than returning them in the url. This way I was able to format the error and get rid of the <br> nonsense. Quote Virtual Merchant a.k.a. Elavon, ViaKlix, Nova Payment Module Contribution Link to comment Share on other sites More sharing options...
mike240se Posted December 11, 2008 Share Posted December 11, 2008 (edited) What version of osC are you using. Also please post your cc_validation.php class. The <br> is in the error string returned by cc_validation.php. This in my opinion is a flaw in the osC payment module. I have fixed this on my site by storing errors in a session variable rather than returning them in the url. This way I was able to format the error and get rid of the <br> nonsense. its 2.2-ms2 and the file contents are: <?php /* $Id: cc_validation.php,v 1.3 2003/02/12 20:43:41 hpdl Exp $ osCommerce, Open Source E-Commerce Solutions [url="http://www.oscommerce.com"]http://www.oscommerce.com[/url] Copyright © 2003 osCommerce Released under the GNU General Public License */ class cc_validation { var $cc_type, $cc_number, $cc_expiry_month, $cc_expiry_year; function validate($number, $expiry_m, $expiry_y) { $this->cc_number = ereg_replace('[^0-9]', '', $number); if (ereg('^4[0-9]{12}([0-9]{3})?$', $this->cc_number)) { $this->cc_type = 'Visa'; } elseif (ereg('^5[1-5][0-9]{14}$', $this->cc_number)) { $this->cc_type = 'Master Card'; } elseif (ereg('^3[47][0-9]{13}$', $this->cc_number)) { $this->cc_type = 'American Express'; } elseif (ereg('^3(0[0-5]|[68][0-9])[0-9]{11}$', $this->cc_number)) { $this->cc_type = 'Diners Club'; } elseif (ereg('^6011[0-9]{12}$', $this->cc_number)) { $this->cc_type = 'Discover'; } elseif (ereg('^(3[0-9]{4}|2131|1800)[0-9]{11}$', $this->cc_number)) { $this->cc_type = 'JCB'; } elseif (ereg('^5610[0-9]{12}$', $this->cc_number)) { $this->cc_type = 'Australian BankCard'; } else { return -1; } if (is_numeric($expiry_m) && ($expiry_m > 0) && ($expiry_m < 13)) { $this->cc_expiry_month = $expiry_m; } else { return -2; } $current_year = date('Y'); $expiry_y = substr($current_year, 0, 2) . $expiry_y; if (is_numeric($expiry_y) && ($expiry_y >= $current_year) && ($expiry_y <= ($current_year + 10))) { $this->cc_expiry_year = $expiry_y; } else { return -3; } if ($expiry_y == $current_year) { if ($expiry_m < date('n')) { return -4; } } return $this->is_valid(); } function is_valid() { $cardNumber = strrev($this->cc_number); $numSum = 0; for ($i=0; $i<strlen($cardNumber); $i++) { $currentNum = substr($cardNumber, $i, 1); // Double every second digit if ($i % 2 == 1) { $currentNum *= 2; } // Add digits of 2-digit numbers together if ($currentNum > 9) { $firstNum = $currentNum % 10; $secondNum = ($currentNum - $firstNum) / 10; $currentNum = $firstNum + $secondNum; } $numSum += $currentNum; } // If the total has no remainder it's OK return ($numSum % 10 == 0); } } ?> i tried a legit MC and a legit Amex number to test and they didnt work. (just changed a couple of the middle numbers) but left the first 4 the same, but it says the first 4 are no good you are using this CC module? everyone is saying how bad it is to use it.... EDIT: i just realized that the error about the first 4 numbers only comes up when i put the card number in with too many digits. if i put a real card number in, with the correct digits, it says "The credit card number entered is invalid.<br>Please check the number and try again." also i was able to just remove the <br>'s from the error by editing includes/languages/english.php Edited December 11, 2008 by mike240se Quote Link to comment Share on other sites More sharing options...
mike240se Posted December 12, 2008 Share Posted December 12, 2008 EDIT: i just realized that the error about the first 4 numbers only comes up when i put the card number in with too many digits. if i put a real card number in, with the correct digits, it says "The credit card number entered is invalid.<br>Please check the number and try again." also i was able to just remove the <br>'s from the error by editing includes/languages/english.php Help BB Code Help Help Toggle Side Panel Quote Link to comment Share on other sites More sharing options...
mike240se Posted December 12, 2008 Share Posted December 12, 2008 OK i realized the problem. so dumb on my part, i thought as long as the first 4 were ok, i could change the other numbers around. didnt realize there was a formula to make sure a card number was valid. i used a valid expired card i have and it worked. the only thing is, even though i put an email in the module, it didnt email the middle digits to that address. now i assume it would be crazy to use this module without SSL right? would i need a shared or private ssl? i have hostgator, i think they offer a shared ssl which they say is used to take cc purchases. so would that work? Quote Link to comment Share on other sites More sharing options...
SeanPaulCail Posted December 12, 2008 Share Posted December 12, 2008 Hi, I am having the same problem. I will be watching this thread in hopes of finding a solution. thanks -Sean Quote Link to comment Share on other sites More sharing options...
Guest Posted December 12, 2008 Share Posted December 12, 2008 use the credit card processing (not for production use) module What part of not for production use are people having difficulty understanding? Quote Link to comment Share on other sites More sharing options...
SeanPaulCail Posted December 12, 2008 Share Posted December 12, 2008 What part of not for production use are people having difficulty understanding? Hi Tom, I did not see, "not for production use" in the "Credit Card" module. Are you saying that this module doesn't work on an active site? Sorry for the misunderstanding. -Sean Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.