Quote Originally Posted by melsleight View Post
The customer's credit card card information is posted from the customer's web browser to the server running Zen Cart..
Why? That is both inefficient and foolish.

Quote Originally Posted by melsleight View Post
The module then posts the payment information to the gateway
Why not cut out this middle step, like most (if not all) the other payment processors do?

Quote Originally Posted by melsleight View Post
SSL is needed to protect the first step between the customer and the web server.
It's much safer/secure to bypass this intermediate step.

Quote Originally Posted by melsleight View Post
Mel Sleight
Integration Support
BluePay Processing, Inc.
BluePay Processing, Inc.
I guess I'll never be using (or recommending) BluePay then. I can see it now, if a customers CC gets compromised in any way, you guys can (and probably will) deny accountability. It would be too easy to resist... "No, it wasn't *our* servers that leaked the CC data, therefore it must have been leaked by the merchants store".

There is no need that I'm aware of for the merchant (or their server) to handle the end users CC details at all. I'm always willing to update my knowledge in these matters though.

Regards
Rod Gasson
Adv dip Network Security.