Hi All,
Just upgraded from 1.3.8 to 1.3.9a for the security updates. My 'credit card - offline processing' option in admin > modules > Payment modules has disappeared.
has it been moved? As it was our main method of payment processing.
thanks!
Printable View
Hi All,
Just upgraded from 1.3.8 to 1.3.9a for the security updates. My 'credit card - offline processing' option in admin > modules > Payment modules has disappeared.
has it been moved? As it was our main method of payment processing.
thanks!
This module is not PCI compliant and has been removed from ZC.
You could consider using CEON's offline card processor at dev.ceon.net (better than the ZC module).
Ok, i will give that a try thanks! Although i couldn't find it on the site you linked to it is avaialble to download from the add-ons section of this site :)Quote:
Originally Posted by schoolboy
http://www.zen-cart.com/index.php?ma...oducts_id=1277
Hi
I have just uploaded the latest version. I see that there is no Credit Card - Offline processing in the admin area. Is this because of security issues or is it just missing?
I also noticed that a number of php files that I downloaded had a missing ?> .
Can someone please let me know about Credit card offline processing, thanks
The missing ?> is intentional.
The removal of the Offline CC Module is also intentional, due to security issues.
Thanks for the speedy reply. I was thinking that it might security reasons, does anyone know if this will be updated and made secure?
You can't make that sort of payment module secure, I don't think, especially considering PCI requirements, etc. Better to move to an online merchant account or something like Paypal.
Thanks, would it not be possible to have the email with the numbers encrypted using GnuPG and PHP. So that only the admin user had a key to read the details?
Or are there other security reasons?
The problem I have with Offline CC processing, as a customer, is that I don't know what happens to my data after the card is charged. I've seen regular telephone customers' credit card info on Post-It notes stuck to monitors.
Stores who use this method will say that they shred the info, etc., but if it only goes (encrypted) directly to the payment processor, then I can be more sure that it won't be mishandled.
As a merchant, I don't want the responsibility of knowing my customers' CC data.
As stevesh is indicating the security issues aren't with the transmission but with the person who receives the information.
Indeed it's long been a mystery to me why some people feel that it's more risky to send cc details over an encryted line to a secured server than to dictated them to somebody being paid minimum wage in a call center located in a "low rent" district or 3rd world country. But hey ho, each to their own.
Suffice to say that that the card companies are making offline processing more difficult because it reduces their exposure to fraud (and hopefully keeps their costs down). So it may be inconvenient, but it's not necessarily bad.
If offline processing really is necessary for you, then the code can be lifted from Zen Cart 1.3.8 or better still look for Ceon's offline processing mod. But be sure that you're not contravening the terms of your merchant agreement.