Jump to content

Archived

This topic is now archived and is closed to further replies.

packblitz

Credit Card Processing System Question

Recommended Posts

We process our credit cards through a POS ethernet terminal. When an order comes in it uses the 'Credit Card' payment class. The first 4 and last 4 card digits and the expiration date get stored on the order (unencrypted). The middle 8 digits get stored in the database in a different non-descript table than the 'orders' table. When an order is printed out, it pulls the first 4 and last 4 card digits and the expiration date from the database. It also pulls the middle 8 from the non-descript table and puts them together on the invoice paper print-out. As soon as the print out is done, the middle 8 digits are automatically erased from the non-descript table in the db. The paper print out is done over https.

 

Here's my question, is this secure and if not what can I do to improve this system's security?

 

Thanks! I'm going over the PCI compliance stuff and want to get it done correctly.

Share this post


Link to post
Share on other sites

@@packblitz

 

You CANNOT collect credit card information in that manner UNTIL YOU ARE ALREADY PCI DSS COMPLIANT. Also, the credit card module you are using will NOT pass PCI DSS compliance standards.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

I hope you're not printing out the entire credit card number on the customer invoice! That is never done. It would most definitely not be PCI compliant.

Share this post


Link to post
Share on other sites

PCI compliance aside, most merchant accounts forbid the use of in-store POS terminals to process web (or any other non-in-person) card transactions. Having a physical card in hand is lower risk of fraud, and they can charge lower fees. If they catch you doing what it sounds like you're doing, you'll catch hell from them.

Share this post


Link to post
Share on other sites

×