Jump to content
Latest News: (loading..)
Sign in to follow this  
deanmassey

Processing the credit cards off line

Recommended Posts

We chose to install the OS shopping cart because it would fit our needs by allowing us to capture the credit card information and send us an e-mail so we could process the order off-line, by using our own local bank’s credit card processing company. When we set up the OS cart and completed the information in the Admin section for Modules. Under the Credit Card section it indicates “Not For Production Use”. My question is how do we activate this option so we can use it in production? We did complete the informaion it was asking for thanking that it would allow the module to wrok however that was not the case when we went to test the site. It was clearly stated we could use this payment option with your package on there site under FAQ. That was the reason for us to down load and install on our server. Thank you in advance with any help we can receive.

Share this post


Link to post
Share on other sites

Dean

 

Recent regulations from the Card Processing industry make it mandatory to pass their accreditation if your are going to store or process card information in any way on your site.

 

You really need to read up on this before you go any further.

 

Post 4 looks interesting.

 

HTH

 

G

Edited by geoffreywalton

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

geoffreywalton is right, but you can do this easily and be 100% PCI compliant if you use a PCI compliant manual payment gateway.

 

We are with e-Path (http://e-path.com.au) and it works fine for us.

 

Our customers enter their credit cards in our e-Path PCI complaint gateway system and not on our cart which is the big difference. If your cart doesn't touch credit card data then PCI compliance in not required for your cart at all - this is stated in the PCI standard.

 

But you stll need to be accepting credit cards online in compliance to PCI and when we use e-Path this is exactly what we are doing.

 

I like doing offline processing, it is the cheapest way and I have control over what I accept and don't accept. Can't beat that!

 

Hope this helps.

Edited by HappyPappy

Share this post


Link to post
Share on other sites

Reading all the comments regarding offline card process. Either I am going to jail or most of the reservations about htis process are wayyyy off base. As a government contractor I am required to process my contract payments by credit card. The process goes like this: 1. I invoice the Fed, receive a fax with payment authorization, 3. Log onto my merchant account , type in the credit card information and the money shows up in my bank within three days, usually two. I have been doing it like this for almost five years, and VISA/MC approved the process in advance, after verifying my identify and business information. I cannot see how taking the info at the website and manually punching it in is any different. I will gladly stand corrected if someone ca do so, although my five years of experience doing this will be hard to dispute. FULL DISCLOSURE:, I do not store information on my site and I am using Agora5 shopping cart. The only reason I do is because of the offline credit card processing feature.

Share this post


Link to post
Share on other sites

Reading all the comments regarding offline card process. Either I am going to jail or most of the reservations about htis process are wayyyy off base. As a government contractor I am required to process my contract payments by credit card. The process goes like this: 1. I invoice the Fed, receive a fax with payment authorization, 3. Log onto my merchant account , type in the credit card information and the money shows up in my bank within three days, usually two. I have been doing it like this for almost five years, and VISA/MC approved the process in advance, after verifying my identify and business information. I cannot see how taking the info at the website and manually punching it in is any different. I will gladly stand corrected if someone ca do so, although my five years of experience doing this will be hard to dispute. FULL DISCLOSURE:, I do not store information on my site and I am using Agora5 shopping cart. The only reason I do is because of the offline credit card processing feature.

IFS - If you are storing the ENTIRE credit card number on your site/database, then you are definitely WAY out of PCI compliance. At the very least, you should use the option to split up the card digits/info and have half of it emailed to you via an offsite email address, and store the rest in your database. The PCI compliance rules SPECIFICALLY state that you are not allowed to store full customer credit card numbers on one server/place.

 

BTW: These rules are all fairly new, so I'm not negating your 5 years of experience, I'm just saying that the rules might not have even existed/been a requirement back then.

 

Edit: Ah, I just noticed that you are taking FAX credit card numbers. I was referring to taking online credit card numbers and sttoring them. My bad. As long as you rip up the fax as soon as you process the charge, I believe you are still in compliance. I should really read the ENTIRE post before I respond "off the cuff" ;)

 

Jason

Share this post


Link to post
Share on other sites
3. Log onto my merchant account , type in the credit card information and the money shows up in my bank within three days, usually two. I have been doing it like this for almost five years, and VISA/MC approved the process in advance, after verifying my identify and business information. I cannot see how taking the info at the website and manually punching it in is any different.

 

If you are using a Virtual Terminal on a secure site, you are compliant (PayPal offers virtual terminals that are compliant). If you are manually entering the credit card information into a Merchant Machine you are NOT compliant. Further, the storing of ANY complete credit card information requires you to be PCI DSS complaint most everywhere now. (North America)

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

If you are using a Virtual Terminal on a secure site, you are compliant (PayPal offers virtual terminals that are compliant). If you are manually entering the credit card information into a Merchant Machine you are NOT compliant. Further, the storing of ANY complete credit card information requires you to be PCI DSS complaint most everywhere now. (North America)

 

 

Chris

 

Legally speaking, Chris is correct, and of course, even if the law where you live doesn't explicitly stipulate rigid safety precautions, you should probably exercise them to begin with for the sake of your customers. Manually entering the CC information into portable processing machines is rarely safe, and most good processors will offer secure gateways/virtual terminals these days to bypass that sort of problem.

 

Secondly, and I just have to say this whenever PayPal is brought up, yes they offer security compliant virtual terminals, but their rates are awful. :) Just because they're big, doesn't mean that every one should be using them by default.

Edited by Jan Zonjee
removed link

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×