I asked the question for a reason.
Most likely their existing system interfaces with an online gateway service, and the Zen Cart site could most likely be configured to talk to that same gateway directly, thus avoiding all the complexities and security risks of passing credit card data back and forth to your internal systems. Indeed you'll probably find that your client's merchant account TOS requires this, and if they discovered you were passing data via your own means into some internal system they'd probably shut them down in a flash.
There are a large number of available addons for a broad selection of known payment gateways. It'd be worth your while investigating which one would work directly with the gateway your client is actually using.
However, if you wish to write your own bespoke card encryption processing engine and provide guarantees of PA-DSS compliance for all of that coding to your client so that if they encounter a breach or a 6-digit fine you'll pay it for them, you're certainly welcome to do so.
But I submit that you're treading into dangerous turf by tackling it in the wrong direction.


Reply With Quote

