Offline Order Processing

[DrByte]

which does process the credit card with a gateway service.

Which gateway is *that*?

You're leaving out a LOT of information from the bigger picture here, and that information would seem to be quite crucial to help get the *best* solution to your client's business needs, even if said *best* solution doesn't come in the box they think it should come in.

Where would be a good place to start to collect order information so I may send that information to another system?

Well, you're asking a complex question:
a) if you're blindly accepting unauthorized credit cards to complete your online orders, then you have NO way of immediately rejecting fraudulent orders, and no way of protecting yourself against address-validation failures. Your customers will *think* they've paid, when in fact they've not.

b) and the only way to store card information for processing via another system requires that you build your own bespoke PERFECTLY SECURE and FULLY PCI-COMPLIANT (yes, that means a whole NEW round of QA assessments and fees) including your own non-internet-connected servers for processing and handling the card details.
Even if you dare to store the information encrypted, you're not allowed to store that on an internet-connected server.
But, this isn't the place to discuss all the PCI Compliance requirements or regulations.
Clearly you're not interested in any of US telling you that you can't do what you're wanting to do the way you're wanting to do it.

Besides, even if we did have exact code and encryption logic for you to use, we could NOT post it publicly or it'd immediately invalidate its security and safety.

So, pick an order export addon plus an appropriate existing payment module, and feel free to write your own means of dealing with the data. Just be certain you understand all the risks you're subjecting both yourself and your client to by doing so.


I still submit to you that your client is better served by connecting their store directly to existing live gateway for handling payments. And it'll cost THEM a whole lot LESS to do, and be up and running WAY faster than the route you've described.

[D-man]

Again, your comments are greatly appreciated.

I am in agreement with your concerns regarding credit card information and hopefully the client can be convinced that their requirements are heading down the wrong path.

Lets take the credit card data off the table.

I still need to send order details (what was ordered and quantity) to an inventory management application. I will look into the order export addons as recommended.

Thanks.

[bobby]

I see that we have to comply with PCI standards and guidelines.
As a store owner I understand this problem.
I need to resolve it too.
I have credit card processing station and I prefer to manually enter credit card information.
I have requirements by government officials.
I need to check if customer license is valid and only then process credit card.
In most cases it is valid, but sometimes it has an issues and can be rejected by government.
I have to comply with everyone.
So basically what I need is:
1.Collect information from client
2. Check if his current license is valid and only then process.
If there is payment mode that first collect and after validation of license process it.
Please help anyone.
I am asking only for legal ways.
Thank you.

[DrByte]

Use a live CC gateway, have the customer enter their payment details online, just like if they were actually paying for the order right away ....... but, set the payment module into "authorize only" mode, so that the funds are only held, not actually charged. Then when the rest of your order/ID verification is complete you can go into your payment gateway console and "capture" the funds and then update the order status, and then proceed with filling/shipping the order.

For more information about "authorize" vs "capture" strategies, talk to your merchant account provider.

[bobby]

Thank you.
At least I know what direction to go.