basic Credit Card module, used for Offline CC order processing?

[uniqueliving]

Greetings everyone!

I am also looking for the "basic Credit Card module" location. I basically just want to collect CC information, then process credit cards manually.

I would be grateful for any insight. :)

Mike

Hi Mike this is the link for the manual credit card module i use it works very well
http://www.zen-cart.com/index.php?ma...oducts_id=1277
hope this helps you out

[schoolboy]

I trust you are both aware of PCI-DSS compliance issues relating to capturing CC info?

Card companies are taking a very dim view of clients who do offline processing - especially if it is explicit in their T&C's that you do not do so.

The downside is not nice... Any fraud on your site and you will pick up the tab (including costs), and you run the risk of being black-listed... No CC gateway will take you on board again.

[uniqueliving]

I trust you are both aware of PCI-DSS compliance issues relating to capturing CC info?

Card companies are taking a very dim view of clients who do offline processing - especially if it is explicit in their T&C's that you do not do so.

The downside is not nice... Any fraud on your site and you will pick up the tab (including costs), and you run the risk of being black-listed... No CC gateway will take you on board again.

I have been using this for a year now and the bank hasnt said anything what would you suggest to use insted of this.

[schoolboy]

I have been using this for a year now and the bank hasnt said anything what would you suggest to use insted of this.

The bank hasn't said anything because they haven't found out yet... or you haven't experienced a fraud yet.

I can't recall the case exactly, but a few years ago a webshop owner here in the UK was processing cards in this fashion and a fraudster hacked into their site, got a stack of card numbers, and the CVV numbers AND the customers' addresses... and then had a field day! With all that "required" info to hand, there was no stopping the rapid carnage that followed.

Within 72 hours, the crooks had done over £100,000 "damage".

The affected banks sued the shop owner for the loss, AND the costs of administering the problem.

The chap lost his business, his house and I think he's still trying to pay everything off.

You need to configure a payment gateway (like PayPal) so that card transactions take place AWAY from your server...

[rstevenson]

I can't recall the case exactly, but a few years ago a webshop owner here in the UK was processing cards in this fashion and a fraudster hacked into their site, got a stack of card numbers, and the CVV numbers AND the customers' addresses... and then had a field day! With all that "required" info to hand, there was no stopping the rapid carnage that followed.

I'm sure schoolboy knows that Zen Cart does not make that scenario possible. The full CC number is not stored in ZC's database.

It's a good thing to be warned about issues and possible consequences, but the warnings should be relevant.

Rob

[schoolboy]

The news report never stated that it was a "zencart" site. No mention was made of the technology driving that webshop (I'll try to reference the case for you.) The point was that the merchant was collecting card info and this was against his T&C's. And it just about ruined him.

Last year I had TWO instances of hackers entering clients' sites and "installing" the c-card module, applying their email addresses for the middle 8 digits and blocking the clients' own admin logins, changing the order confirmation copy email to admin... etc.

In one instance the damage was quite serious... I got a call from the client after 5 days to say "we've had no orders for a week... what's going wrong?" They did have orders... about 120 of them... and the crooks had made off with 120 c-card details AND the personal data of the shoppers.

Fortunately we were able to technically demonstrate that the module was not active prior to the hacks (admin activity log and a few other forensics), and only a small amount of fraud had taken place, despite the relatively large number of card details collected.

So even in a scenario where that mod is not even installed... hackers know how to exploit the admin panel once they are in.

I immediately set about removing the php files for offline cc payments from over 100 client sites and via a clever bit of php which a colleague built, we formulated a hidden alarm system to warn if the module even became "active" again.

Good riddance to that module. It passed its sell-by date a long time ago.

[gilby]

I have been using this for a year now and the bank hasnt said anything what would you suggest to use insted of this.

You could check this out as an offline alternative e-path(dot)com(dot)au

[uniqueliving]

ok might remove ceon for the moment till i sort it out and look into it.
I was looking over a post last week that told me the differance between the paypal accounts and do you think i can find it again has anyone seen it.

[stevesh]

https://www.zen-cart.com/tutorials/index.php?article=28