credit card payment with osCommerce


secif


Hello,

I'm trying to configure credit card payments from osCommerce to a bank gateway, but I'm facing some difficulties.

I have installed osCommerce and then I installed an add-on called "Encrypted Credit Card with cvv2" as a payment module. Does anyone know how to configure this module with a bank gateway to process payments? Now when I buy something from the primary page and choose "Credit Card" as the payment method, it just inserts a row in the orders table with the order details (including credit card info (encrypted)). I want to know how to process these payments to the bank, and how to configure bank information (gateway, merchant_id, etc.) with this module.

Or is there any other module for processing payments with credit cards through a bank payment gateway?

Any help would be appreciated.


What osC version? Is this add-on supposed to be compatible with it? Also, be sure to check first that your bank/merchant account is happy that you're storing credit card information, including the CVV2! That is usually in violation of agreements, and not meeting PCI-DSS standards. Even though it's encrypted, it won't take a hacker long snooping around your code to discover the encryption method and key, and access all the goodies in your database. If they're OK with this, make sure you have in writing that you're not liable for damage done by security breaches.


If you are using a bank gateway, you need to install the module for that (i.e. Authorize.net) which passes the credit card information to your card processor automatically.

osCommerce user since 2003! :thumbsup:


I think the "Encrypted Credit Card with cvv2" add-on was intended for offline (manual) processing of credit cards, such as through a brick-and-mortar store point of sale terminal. If you intend to use it in this way, first check with your bank that they're OK with your doing this. Most will forbid it, and those that allow it will charge higher fees (because of the higher fraud rate of online purchases). As you are handling credit card information on your site, PCI-DSS security regulations will apply. Figure out just what you want to do regarding accepting credit cards, and what the total cost is, before proceeding any further.

 

There are payment gateways that allow you to handle credit cards on your site without storing CC data (a direct connection to the merchant account). There are third party payment sites (such as PayPal) that handle everything for you. Both charge fees, of course. Security requirements are much higher (PCI-DSS) and more expensive if you are going to actually have CC data pass through your own site (SSL, mandatory security audits, handling fees). Unless you expect to have quite high volumes, a third party payment system is probably cheaper. The only real downside is that customers see that they are being taken offsite for payment. If your sales volume goes up to the point that keeping it all on-site is cheaper (payment gateway/merchant account), you can always switch over in the future.

 

If those who control osC had any sense, they would remove all add-ons which encourage getting around payment security practices, such as "Encrypted Credit Card with cvv2". If someone had their credit card information stolen on a site which used such an add-on, it's quite possible that Harald, et al. would be in a lot of legal trouble.


If those who control osC had any sense, they would remove all add-ons which encourage getting around payment security practices, such as "Encrypted Credit Card with cvv2". If someone had their credit card information stolen on a site which used such an add-on, it's quite possible that Harald, et al. would be in a lot of legal trouble.

 

Impossible.  Read the GPL, legal terms of use of code.


What a jury thinks and what the GPL says are two different things. At least in the US, if you provide a "defective product" (e.g., software that is obviously insecure), you might be held liable for damages (losses when the system is hacked). Just sayin'.


Indeed, I don't want to save credit card information, I just want to process payment.

As I see from above, this module I have installed is just for offline payments, and that's not my target.

What module do you suggest?

osCommerce version 2.3.4


Why not use a module that was designed to work with your bank or card payment provider? If there isn't one, they should be able to supply you with a working module. Speak to them and see what they suggest.

REMEMBER BACKUP, BACKUP AND BACKUP


What you are saying is 100% incorrect, and spreads FUD.  Read the GPL for yourself, it is quite clear.

 

What the GPL says and what a "good" lawyer can convince a jury is the truth, can be two completely different things. That's all I'm saying. Using code which can unnecessarily expose customer financial data to hackers is a good way to get slapped with a big lawsuit -- the store owner, the osC organization, the bank, et al. Therefore, it's not a good idea to use it, or to provide it for use.
