secif Posted August 31, 2016 Share Posted August 31, 2016 hello, i`m trying to configure credit card payments from oscommerce to bank gateway, but i`m facing some difficulties. i have install osCommerce and then i installed an add-ons called "Encrypted Credit Card with cvv2" as a payment module. does any one knows how to configure this module with a bank gateway to process payments. Now when i buy something from primary page and when i chose "Credit Card" as payment method it just insert a row in orders table with order details(including credit card info(encrypted)). i want to know how to process these payment to bank. how to configure bank information(gateway, merchant_id, etc...) with this module or is there any other module for processing payments with credit cards through bank payment gateway any help would be appreciated Quote Link to comment Share on other sites More sharing options...
MrPhil Posted August 31, 2016 Share Posted August 31, 2016 What osC version? Is this add-on supposed to be compatible with it? Also, be sure to check first that your bank/merchant account is happy that you're storing credit card information, including the CVV2! That is usually in violation of agreements, and not meeting PCI-DSS standards. Even though it's encrypted, it won't take a hacker long snooping around your code to discover the encryption method and key, and access all the goodies in your database. If they're OK with this, make sure you have in writing that you're not liable for damage done by security breaches. Quote Link to comment Share on other sites More sharing options...
frankl Posted August 31, 2016 Share Posted August 31, 2016 If you are using a bank gateway, you need to install the module for that (i.e. Authorize.net) which passes the credit card information to your card processor automatically. Quote osCommerce user since 2003! Link to comment Share on other sites More sharing options...
MrPhil Posted September 1, 2016 Share Posted September 1, 2016 I think the "Encrypted Credit Card with cvv2" add-on was intended for offline (manual) processing of credit cards, such as through a brick-and-mortar store point of sale terminal. If you intend to use it in this way, first check with your bank that they're OK with your doing this. Most will forbid it, and those that allow it will charge higher fees (because of the higher fraud rate of online purchases). As you are handling credit card information on your site, PCI-DSS security regulations will apply. Figure out just what you want to do regarding accepting credit cards, and what the total cost is, before proceeding any further. There are payment gateways that allow you to handle credit cards on your site without storing CC data (a direct connection to the merchant account). There are third party payment sites (such as PayPal) that handle everything for you. Both charge fees, of course. Security requirements are much higher (PCI-DSS) and more expensive if you are going to actually have CC data pass through your own site (SSL, mandatory security audits, handling fees). Unless you expect to have quite high volumes, a third party payment system is probably cheaper. The only real downside is that customers see that they are being taken offsite for payment. If your sales volume goes up to the point that keeping it all on-site is cheaper (payment gateway/merchant account), you can always switch over in the future. If those who control osC had any sense, they would remove all add-ons which encourage getting around payment security practices, such as "Encrypted Credit Card with cvv2". If someone had their credit card information stolen on a site which used such an add-on, it's quite possible that Harald, et al. would be in a lot of legal trouble. Quote Link to comment Share on other sites More sharing options...
burt Posted September 1, 2016 Share Posted September 1, 2016 If those who control osC had any sense, they would remove all add-ons which encourage getting around payment security practices, such as "Encrypted Credit Card with cvv2". If someone had their credit card information stolen on a site which used such an add-on, it's quite possible that Harald, et al. would be in a lot of legal trouble. Impossible. Read the GPL, legal terms of use of code. Quote Link to comment Share on other sites More sharing options...
MrPhil Posted September 1, 2016 Share Posted September 1, 2016 What a jury thinks and what the GPL says are two different things. At least in the US, if you provide a "defective product" (e.g., software that is obviously insecure), you might be held liable for damages (losses when the system is hacked). Just sayin'. Quote Link to comment Share on other sites More sharing options...
burt Posted September 1, 2016 Share Posted September 1, 2016 What you are saying is 100% incorrect, and spreads FUD. Read the GPL for yourself, it is quite clear. kymation and frankl 2 Quote Link to comment Share on other sites More sharing options...
secif Posted September 2, 2016 Author Share Posted September 2, 2016 indeed i don't want to save credit card information, i just want to process payment. as i see from above this module i have installed its just for offline payments, and that`s not my target @what module do you suggest? oscommerce version 2.3.4 Quote Link to comment Share on other sites More sharing options...
♥14steve14 Posted September 2, 2016 Share Posted September 2, 2016 Why not use a module that was designed to work with your bank or card payment provider. If tthere isnt one, they should be able to supply you with a working module. Speak to them and see what they suggest. Quote REMEMBER BACKUP, BACKUP AND BACKUP Link to comment Share on other sites More sharing options...
MrPhil Posted September 2, 2016 Share Posted September 2, 2016 What you are saying is 100% incorrect, and spreads FUD. Read the GPL for yourself, it is quite clear. What the GPL says and what a "good" lawyer can convince a jury is the truth, can be two completely different things. That's all I'm saying. Using code which can unnecessarily expose customer financial data to hackers is a good way to get slapped with a big lawsuit -- the store owner, the osC organization, the bank, et al. Therefore, it's not a good idea to use it, or to provide it for use. Quote Link to comment Share on other sites More sharing options...
greasemonkey Posted September 2, 2016 Share Posted September 2, 2016 I think this GPL "discussion" has hijacked the thread ???????????? 14steve14 1 Quote Link to comment Share on other sites More sharing options...
frankl Posted September 4, 2016 Share Posted September 4, 2016 @@secif Who is your bank/payment processor? There are addons available for all popular payment gateways. Quote osCommerce user since 2003! Link to comment Share on other sites More sharing options...
cmjain735 Posted January 13, 2018 Share Posted January 13, 2018 I understood that for small business third party payment just like paypap is good Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.