Jump to content
Sign in to follow this  
secif

credit card payment with osCommerce

Recommended Posts

hello,

 

i`m trying to configure credit card payments from oscommerce to bank gateway, but i`m facing some difficulties.

 

i have install osCommerce and then i installed an add-ons called "Encrypted Credit Card with cvv2" as a payment module. does any one knows how to configure this module with a bank gateway to process payments. Now when i buy something from primary page and when i chose "Credit Card" as payment method it just insert a row in orders table with order details(including credit card info(encrypted)). i want to know how to process these payment to bank. how to configure bank information(gateway, merchant_id, etc...) with this module

 

or is there any other module for processing payments with credit cards through bank payment gateway

 

any help would be appreciated

Share this post


Link to post
Share on other sites

What osC version? Is this add-on supposed to be compatible with it? Also, be sure to check first that your bank/merchant account is happy that you're storing credit card information, including the CVV2! That is usually in violation of agreements, and not meeting PCI-DSS standards. Even though it's encrypted, it won't take a hacker long snooping around your code to discover the encryption method and key, and access all the goodies in your database. If they're OK with this, make sure you have in writing that you're not liable for damage done by security breaches.

Share this post


Link to post
Share on other sites

If you are using a bank gateway, you need to install the module for that (i.e. Authorize.net) which passes the credit card information to your card processor automatically.


Let's make things easier for new osCommerce users http://forums.oscommerce.com/topic/402638-discussion-about-hard-coded-database-tables/?p=1718900  Getting there with osCommerce 2.4! :thumbsup:

Share this post


Link to post
Share on other sites

I think the "Encrypted Credit Card with cvv2" add-on was intended for offline (manual) processing of credit cards, such as through a brick-and-mortar store point of sale terminal. If you intend to use it in this way, first check with your bank that they're OK with your doing this. Most will forbid it, and those that allow it will charge higher fees (because of the higher fraud rate of online purchases). As you are handling credit card information on your site, PCI-DSS security regulations will apply. Figure out just what you want to do regarding accepting credit cards, and what the total cost is, before proceeding any further.

 

There are payment gateways that allow you to handle credit cards on your site without storing CC data (a direct connection to the merchant account). There are third party payment sites (such as PayPal) that handle everything for you. Both charge fees, of course. Security requirements are much higher (PCI-DSS) and more expensive if you are going to actually have CC data pass through your own site (SSL, mandatory security audits, handling fees). Unless you expect to have quite high volumes, a third party payment system is probably cheaper. The only real downside is that customers see that they are being taken offsite for payment. If your sales volume goes up to the point that keeping it all on-site is cheaper (payment gateway/merchant account), you can always switch over in the future.

 

If those who control osC had any sense, they would remove all add-ons which encourage getting around payment security practices, such as "Encrypted Credit Card with cvv2". If someone had their credit card information stolen on a site which used such an add-on, it's quite possible that Harald, et al. would be in a lot of legal trouble.

Share this post


Link to post
Share on other sites

If those who control osC had any sense, they would remove all add-ons which encourage getting around payment security practices, such as "Encrypted Credit Card with cvv2". If someone had their credit card information stolen on a site which used such an add-on, it's quite possible that Harald, et al. would be in a lot of legal trouble.

 

Impossible.  Read the GPL, legal terms of use of code.

Share this post


Link to post
Share on other sites

What a jury thinks and what the GPL says are two different things. At least in the US, if you provide a "defective product" (e.g., software that is obviously insecure), you might be held liable for damages (losses when the system is hacked). Just sayin'.

Share this post


Link to post
Share on other sites

indeed i don't want to save credit card information, i just want to process payment.

as i see from above this module i have installed its just for offline payments, and that`s not my target @

what module do you suggest?

 

oscommerce version 2.3.4

Share this post


Link to post
Share on other sites

Why not use a module that was designed to work with your bank or card payment provider. If tthere isnt one, they should be able to supply you with a working module. Speak to them and see what they suggest.


REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Phoenix version here

It's easy to say to yes every question.

Share this post


Link to post
Share on other sites

What you are saying is 100% incorrect, and spreads FUD.  Read the GPL for yourself, it is quite clear.

 

What the GPL says and what a "good" lawyer can convince a jury is the truth, can be two completely different things. That's all I'm saying. Using code which can unnecessarily expose customer financial data to hackers is a good way to get slapped with a big lawsuit -- the store owner, the osC organization, the bank, et al. Therefore, it's not a good idea to use it, or to provide it for use.

Share this post


Link to post
Share on other sites

@@secif Who is your bank/payment processor? There are addons available for all popular payment gateways.


Let's make things easier for new osCommerce users http://forums.oscommerce.com/topic/402638-discussion-about-hard-coded-database-tables/?p=1718900  Getting there with osCommerce 2.4! :thumbsup:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×