osCommerce

PCI Compliant E-mail Module


Rubin Remus

Hello everybody,

 

I am currently building a site for a client who requires payment details to be e-mailed to him. Before everybody explains how insecure this can be, I'll shed a little more light on the subject.

 

He is very aware of the dangers of transmitting and storing unencrypted data and non-PCI Compliant information, but I need to figure out a way to make this be PCI Compliant. The reason he wants them e-mailed to him is because he is selling stock from a shop as well as online, and if he sells the last of a particular item from stock in the shop, and ten minutes later somebody purchases it online, typically, payment will be taken at that point, and he'll have to refund it, or order it in, and his suppliers can't be too quick with their deliveries at times. In the UK it is illegal for him to say that he has it in stock if there's a chance that he doesn't, so he'd rather have the details and process it as CNP after despatch only.

 

OR, if the above isn't possible, is there a module which will allow him to process the payment online AFTER despatch?

 

To be honest, I would rather he used an off-site payment gateway for reasons of security, but he's the customer, I can't make that choice for him.

 

Any help, suggestions or advice would be superb! Thanks for reading!

Link to comment
Share on other sites

Having installed it, I can answer my own question. It is NOT EVEN CLOSE to being PCI-Compliant!

 

It stores the data in the database totally unencrypted and in plain text.

 

Does anyone know how to make this securely encrypted?

 

Thanks.

Link to comment
Share on other sites

His best options would be to use a payment gateway and take deferred payments - I know SagePay can do this but I'm sure others can as well - that way the credit card is authorised but payment is not taken until "released" i.e. at the time of dispatch

Link to comment
Share on other sites

His best options would be to use a payment gateway and take deferred payments - I know SagePay can do this but I'm sure others can as well - that way the credit card is authorised but payment is not taken until "released" i.e. at the time of dispatch

This is exactly what I told him about an hour ago, and now he's gone for that, despite the extra expense.

 

Thanks for your comment though, it made me a little more sure of myself!
