Results 1 to 8 of 8
  1. #1
    Join Date
    Apr 2007
    Location
    Dayton, Ohio
    Posts
    682
    Plugin Contributions
    0

    Default Credit Card Processing Confusion

    I have a few customers who would like to manually process credit cards. I am aware of this tutorial: https://www.zen-cart.com/tutorials/index.php?article=67 and this post: http://www.zen-cart.com/forum/showth...ine+processing which obviously I can read the strong tone in the advice.

    Which is where I am really confused. What about people who do not buy the scan terminal (in real life processing). If I recall buying a swipe machine is an additional expense (although it does save on the merchant fees) Isn't it possible that some smaller companies many not have the swipe machine? In which case they would manually enter the numbers?

    Second and most importantly for me is this: Where are all the large bank add-ons for payment processing. I don't see merchant account add ons for: US Bank, 5/3 Bank, Bank of America, and Huntington which are the larger banks in my area. Wouldn't these banks have their own payment gateways? If so I don't see modules for them.

    I guess what I am confused about is I don't see the banks in my area in the add-on areas. But I know it's not a good idea to collect credit card numbers directly on the site. So what is everyone else doing who wants to process their own credit cards? I am either missing something really big here (my guess), or other people have alternative solutions to accepting credit cards over the internet.

    These customers have Paypal but not all people want to buy with Paypal. These clients are willing to get a dedicated IP address and a Security certificate in order to accept credit cards. And why do some websites accept credit cards directly from their site? Am I forced to sign up with another online merchant account just to accept the numbers here? I am confused.
    Last edited by sports guy; 25 Feb 2012 at 08:12 PM.

  2. #2
    Join Date
    Feb 2005
    Location
    Lansing, Michigan USA
    Posts
    20,021
    Plugin Contributions
    3

    Default Re: Manual Credit Card Processing Confusion

    Most banks use one of the standard payment processing gateways, rather than their own, so you won't see a mod for, say, 5/3 Bank. You'll need to contact the bank to see what gateway they use.

    Manual credit card processing won't pass PCI compliance tests, so far as I know, which is why it was removed from Zencart. There is a mod in the Free Software Add Ons, but I doubt if anyone here who understands how things work these days will recommend it.

    My personal opinion is that you wouldn't be doing your clients any favors by helping them set manual CC processing up. Better, I think, to explain PCI compliance and steer them to a real on-site processor (like authorize.net or Paypal Payments Pro) if they don't want to use Paypal Express or Google Checkout.

    Another personal opinion - I think Paypal and other off-site payment processors are the wave of the future for small ecommerce sites, and Zenners (among others) need to get over their (often irrational) bias against them.

  3. #3
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: Manual Credit Card Processing Confusion

    Quote Originally Posted by sports guy View Post
    What about people who do not buy the scan terminal (in real life processing). If I recall buying a swipe machine is an additional expense (although it does save on the merchant fees) Isn't it possible that some smaller companies many not have the swipe machine? In which case they would manually enter the numbers?
    Any good gateway gives you a "virtual terminal" where you can login to your gateway account and manually key in the credit card for direct processing, instead of using expensive swipe terminals.

    But, it's far more secure to use an actual online gateway. As stevesh said, ask your bank which gateways they support, and then sign up for the appropriate service. Do check out the "Recommended Services" link at the top of this page for related suggestions and pre-negotiated lower rates.

    Quote Originally Posted by sports guy View Post
    These customers have Paypal but not all people want to buy with Paypal.
    The customer doesn't need to have a PayPal account in order to pay via PayPal.
    Quote Originally Posted by sports guy View Post
    These clients are willing to get a dedicated IP address and a Security certificate in order to accept credit cards.
    Nowadays everyone should get an SSL certificate for their store, even if their payments are handled entirely offsite. SSL certs are way cheaper today than they were 5 years ago.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  4. #4
    Join Date
    Apr 2007
    Location
    Dayton, Ohio
    Posts
    682
    Plugin Contributions
    0

    Default Re: Credit Card Processing Confusion

    Thank you both for taking the time to explain this to me. So I need to have my clients contact the bank to see which standard payment gateway they can use. That is what confused me.

    I personally own around 8 sites (lost count) and have been in business with Paypal for many years. Personally I love Paypal. Even though people do not have to create an account with Paypal there are still some (albeit a small percentage) who refuse to use it. I know as some people still mail me checks and wait rather than pay with Paypal (they complain to me). This happens in many different niches that I own. That does not include the ones who just ignore payment and won't contact me because I use Paypal exclusively. My point here is it's better to have another checkout option in addition to Paypal, if my clientele does not want to lose a few sales here and there.

    Buying a security certificate is an added expense. Dr byte posted this:
    Nowadays everyone should get an SSL certificate for their store, even if their payments are handled entirely offsite. SSL certs are way cheaper today than they were 5 years ago.
    I have two security certificate options available to me, one that handles transactions up to $1,000 and one that handles transactions up to $5,000. The later is a more expensive certificate. Both of my clients have expensive products and their individual transactions could go over the $1,000 range. Do I need to install the more expensive certificate if I set up the banks standard payment processing gateway recommendation? Or would the lower certificate work since this transaction is actually being handled on the processing gateways website? Last, is a security certificate a must or at least a highly recommended security feature if we will be using a banks payment gateway?

    If so, I have no problem. I just want to make sure I offer the best advice for my clientele.

  5. #5
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: Credit Card Processing Confusion

    The bank and/or the gateway service you engage will need to answer those questions for you.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  6. #6
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    6,167
    Plugin Contributions
    7

    Default Re: Credit Card Processing Confusion

    Apologies to Dr.Byte
    Quote Originally Posted by sports guy View Post
    I have two security certificate options available to me, one that handles transactions up to $1,000 and one that handles transactions up to $5,000.
    This shows a clear misunderstanding of what SSL is and does (no big deal, it places you among 99% of the online population).

    I can only assume that you are referring to some sort of insurance/payment guarantee provided by the SSL issuer when quoting these figures? If so, these figures have *nothing* to do with SSL itself.
    Quote Originally Posted by sports guy View Post
    The later is a more expensive certificate.
    Regardless of how much you pay for a certificate they all work in exactly the same way. An expensive certificate offers no more protection than a cheap certificate.
    Even a self-signed certificate uses the exact same encryption methods as a paid one.

    Quote Originally Posted by sports guy View Post
    Do I need to install the more expensive certificate if I set up the banks standard payment processing gateway recommendation?
    No.

    Quote Originally Posted by sports guy View Post
    Or would the lower certificate work since this transaction is actually being handled on the processing gateways website?
    Good question. A Pity that more people don't ask. The truth of the matter is, if you are using a payment processing gateway, regardless of whether it is a Bank, or even PayPal; an SSL certificate is *NOT* required. This is because when using these systems the CC details are never entered (or saved) in your store, therefore there is no need for encryption (Most people will argue that it is a good idea anyway though, and will offer all manner of reasons why). My opinions differ greatly from popular opinion.

    Quote Originally Posted by sports guy View Post
    Last, is a security certificate a must or at least a highly recommended security feature if we will be using a banks payment gateway?
    See comments above.

    Quote Originally Posted by sports guy View Post
    If so, I have no problem. I just want to make sure I offer the best advice for my clientele.
    The 'best' advice and the 'correct' advice aren't necessarily the same thing.

    I'm not offering any advice. I am merely stating facts.

    It would be foolish/amiss of me to suggest that SSL is *not* a useful thing to have in order to prevent the possibility of your clients personal data (name, address, etc) from being 'sniffed' as they enter it into their web browser, but it does *nothing* to protect this same information after it has been retrieved, decrypted and inserted into the database. Modern SSL's are also near useless for verification purposes because very few issuing Authorities perform any checks before issuing certificates anyway, which defeats one of the main purposes of SSL in the first place.

    Many people treat SSL as some kind of 'magic bullet' in regards to security. In practice it does virtually nothing other than give people a feeling that they are doing the 'right thing'.

    Cheers
    Rod

  7. #7
    Join Date
    Apr 2007
    Location
    Dayton, Ohio
    Posts
    682
    Plugin Contributions
    0

    Default Re: Credit Card Processing Confusion

    I can only assume that you are referring to some sort of insurance/payment guarantee provided by the SSL issuer when quoting these figures? If so, these figures have *nothing* to do with SSL itself.
    You are right this is a payment guarantee. And there is a significant difference between the two in price.

    As far as the Paypal PCI: The real difference between the Paypal Payment Pro and the other Paypal account options are off-site vs on-site processing (as far as my clients are concerned). Plus I believe you are given a virtual terminal to enter off site cards manually into the online terminal. So it looks like the credit card numbers are being entered into the site when in reality they are being sent to Paypal. Also since these clients already have a merchant terminal in their actual business, why would they need a virtual terminal? It only cost $30 per month but the funds still go into the Paypal account vs their merchant account, just like the regular Paypal accounts. So I will have to ask my customers, do you really want to pay $30 extra per month to Paypal just to make it look like you are processing their credit card? The end result is the same. For clients who have their own established merchant accounts the Paypal Payments Pro is only a good idea if they want it to look like their site is processing the payment.

    There was a good deal of thought and time put into this post. I am very thankful all of you took this time to help me figure this out. Hopefully this will help other webmasters with the same questions.

    Perhaps in my case I will see if the bank gateway demands a SSL and if not, I will not strongly suggest one to my clients. I am not into suggesting paid features that are not necessary. While I can see the validity into buying a SSL certificate to help secure personal information, I will present my case to my clients and let them make the decision.

    Once again a big thank you!!

  8. #8
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    6,167
    Plugin Contributions
    7

    Default Re: Credit Card Processing Confusion

    Quote Originally Posted by sports guy View Post
    The real difference between the Paypal Payment Pro and the other Paypal account options are off-site vs on-site processing .
    This is also true for other payment gateways. The important thing to be aware of is where/how the CC data is actually processed. If the store itself is accepting CC details and passing them across to the gateway then SSL will be a required for the store for PCI compliance (and even if not required, it would be foolish to NOT have one).

    If the CC details are processed directly by the payment gateway (IOW, CC details are never entered or sent to the store) then SSL is not required/needed.

    Cheers
    Rod

 

 

Similar Threads

  1. Credit Card Processing
    By magictom in forum Upgrading from 1.3.x to 1.3.9
    Replies: 1
    Last Post: 30 Apr 2010, 01:38 PM
  2. Credit Card Processing
    By Kristen_Happenstance in forum Built-in Shipping and Payment Modules
    Replies: 2
    Last Post: 31 Mar 2009, 03:07 PM
  3. Credit Card Processing
    By gid in forum Built-in Shipping and Payment Modules
    Replies: 1
    Last Post: 11 Jul 2007, 03:45 AM
  4. Credit Card Processing
    By ericny in forum Built-in Shipping and Payment Modules
    Replies: 1
    Last Post: 6 Jun 2007, 07:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg