Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

CVV2 for 2.2RC2a


rickvv

Recommended Posts

I have gotten through reading the install doc for Google Junky's CVV2 contribuition.

In the 3rd step find/replace, the instaructions are as follows, except that the code block doesn't exist. I have updated my OScommerce on BlueHost using Fantastico (2.2 Release Candidate 2a + buySAFE)...what have I missed?

Thanks so much,

Rickvv

:

Find this code block(Near line 200)
<?php
   }
?>

REPLACE WITH:

<?php if (MODULE_PAYMENT_CC_CVV2 == 'True') { 
?>
         <tr>
            <td class="main"><?php echo ENTRY_CREDIT_CARD_CVV2; ?></td>
            <td class="main"><?php echo $order->info['cc_cvv2']; ?></td>
         </tr>
<?php
    	}
		}
?>

Link to comment
Share on other sites

It is beyond me why anyone running osCommerce would want to store credit card info on your server. It subjects you to PCI compliance and the possibility of tens of thousands of dollars in fines, should something go wrong. So, you want to use a free, open source program to store credit card info?

 

If you can afford the PCI compliance and liability for the fines you can surely afford a proprietary program that is less likely to be hacked.

 

If you are going to use osCommerce I strongly suggest you use a credit card solution that sends the customer to your credit card processors site to complete the transaction, and you not store any card info on your server.

 

Of course, that's just my 2 cent opinion. Sorry it does not offer any help on your problem but my honest opinion is that you should not be doing this. Thad add on was created in the days is was acceptable to do what you want to do. Today it is no longer acceptable, but not illegal or anything of course.

Edited by mdtaylorlrim

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

rickvv,

 

if you followed the instruction to a "T", then it should run and show the cvv2 box.

 

Probably you didn't uninstall your credit card module before editing. So if you did not, go to your payment module and uninstall. Once you have done that, move a copy of the edited orders.php and reinstall the module.

 

Goodluck!

Link to comment
Share on other sites

We were fine when OScommerce split the credit card number, replacing half the digits with X's and didn't require the CVV.

My client has an aversion to automating this (although he does have a credit card processor that can plug into OSC), he has products which he claims are difficult to add shipping costs onto, during the ordering process. He is doing much of this whole process manually, in spite of himself.

I am looking at this PCI compliance, and realizing that my client will probably need to migrate off OSCommerce, and get over to something else. Or at least use the Processor Gateway.

(You should have seen what he was doing before OScommerce three years ago...his "cart" was sending an email with the entire creditCard number, along with customer's personal info out. That was scary).

Thanks for your input,

rickvv

 

 

It is beyond me why anyone running osCommerce would want to store credit card info on your server. It subjects you to PCI compliance and the possibility of tens of thousands of dollars in fines, should something go wrong. So, you want to use a free, open source program to store credit card info?

 

If you can afford the PCI compliance and liability for the fines you can surely afford a proprietary program that is less likely to be hacked.

 

If you are going to use osCommerce I strongly suggest you use a credit card solution that sends the customer to your credit card processors site to complete the transaction, and you not store any card info on your server.

 

Of course, that's just my 2 cent opinion. Sorry it does not offer any help on your problem but my honest opinion is that you should not be doing this. Thad add on was created in the days is was acceptable to do what you want to do. Today it is no longer acceptable, but not illegal or anything of course.

Link to comment
Share on other sites

he has products which he claims are difficult to add shipping costs onto, during the ordering process. He is doing much of this whole process manually, in spite of himself.

He is doing this obviously because he wants the ability to change the order after the customer completes the sale. Ok, no problem. EVERY credit card processor has a function to AUTHORIZE the card only during the transaction. He can then review the sale, make changes, take as long as he wants to fiddle with the transaction, and when he gets it right, even waiting days for customer approval, he can mark the transaction to be charged to the card. I do the same thing due to the high cost of products and legal issues with the sale. All my sales must be confirmed prior to making them final. It works fine for me.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

Yes. He wants to add shipping which may change with each item (heavy rubber fatigue mats that are drop-shipped.)

 

This might be a huge relief. Thanks for getting me to look in that direction.

I will work on this.

Thanks so very much :)

 

 

He is doing this obviously because he wants the ability to change the order after the customer completes the sale. Ok, no problem. EVERY credit card processor has a function to AUTHORIZE the card only during the transaction. He can then review the sale, make changes, take as long as he wants to fiddle with the transaction, and when he gets it right, even waiting days for customer approval, he can mark the transaction to be charged to the card. I do the same thing due to the high cost of products and legal issues with the sale. All my sales must be confirmed prior to making them final. It works fine for me.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...