XenoPhage Posted April 22, 2009

A customer of ours has a request. They would like the ability for a user of their site to jump out of the checkout, add more items, and get back to checkout without having to re-enter credit card information. It sounds like the CC information would have to be stored in either a cookie on the user's computer (super insecure) or in a session on the server (still insecure, but much less so).

Has anyone done anything similar? I'm very wary of the idea as I really don't want any CC information whatsoever stored on the server. Is there a way to do this that might be remotely acceptable and secure?

Thanks,
XenoPhage

masat Posted April 23, 2009

Hi Jason,

I had to comment on this one. I feel the same way about cc numbers and security, but some customers just have to have them stored. Here's the way I see it. If you are standing in line at the store checking out and the checkout cashier is just ringing up your last item, would you really say, "You know, I've decided to do some more shopping. Could you possibly be a sweetheart and hold my wallet until I return? Thank you so much."

I have had to turn clients down that insisted on storing credit card numbers. Maybe you could just try to stress how vitally important this issue is. Maybe remind them how much it might cost if their identity were hijacked. Is it really worth a very minor inconvenience of typing a few digits?

Another matter, maybe, is also which module you are using for checkout. I could look, 'cause I know it can be done. And you could look, and you know it can be done, but that is the best I can do for you because I am so sticky about this issue of cc numbs in the db.

What does their privacy policy say about it? I have come across several where storing the cc numbs is in direct contradiction to the stated privacy/conditions of use. If you roam this forum you will find the answer. It is here. Please be careful.

Good Luck

How do you know when you know what you want to do for the rest of your life?

♥toyicebear Posted April 23, 2009

Against about every merchant account provider's TOS and not advisable at all. Definitely against being PCI Compliant.

Archived
This topic is now archived and is closed to further replies.