AUthorize.net CIM integration

[DrByte]

Why is it that I have to review my entire business process model to get a single question answered. I'm trying to get a question answered to increase my security and what I get is an uninformed security consultation.

Well, I suppose if you think my input is uninformed, you're welcome to get feedback from someone else whom you might take more seriously.

Instead perhaps you should reword that to the tune of "I'm sorry I have misled you regarding what I was really asking about" ... ?

[DrByte]

So let me rephrase the question. I want to pass the store owner the credit-card information for his customers in some manner other than e-mail which isn't reliable enough in high-volumes. ...

Is there any alternative method that is secure for passing the cc information to the store owner other than the offline cc module ? What about using Authorize.net or some other secure method? Can I pass the information to them somehow for the store owner to retreive?

Yes. I answered that already, above:

A live transaction gateway such as Authorize.net AIM can handle the transaction in real time.

...

Now, if you're authorized to collect payments on behalf of the real storeowner, why don't you just ask the storeowner for *their* authorize.net account details so you can put them into your website and actually collect payment *for* them directly?

If the storeowner wants to collect payments from his customers, then he/she can certainly set up a live payment gateway for processing transactions in real time ... just like tens of 1000s of other shops already do today.

Zen Cart has always offered the ability to work with multiple gateways out-of-the-box or "off-the-shelf" as you say. There are many additional payment module addons available to communicate with other gateways offered for various merchant account services.


I'm puzzled by the observation that it seems you've been using Zen Cart for several years but haven't any exposure to the concept of using a live gateway? https://www.zen-cart.com/tutorials/i...hp?article=285

[MotoDelta]

My apologies for not being clear.

Rest assured we have had extensive discussions with our CPA, Attorneys, and the cc processor to ensure we are doing the "right stuff". I understand you are trying to counsel me to best practices. I appreciate that.

So just to we're 100% clear. I install, host, and configure the software for the client. The client receives the order, ships from their stock, and bills the consumer. Since the physical server is in a seperate location from the client, they've either got to use Authorize.net or the offline cc module.

Right now they do not want to use Authorize.net because their existing brick and mortar business uses a different solution and they do want to have another. We experienced a problem twice where the middle digit email did not reach them, a total of 3 orders. However once they hit the order volumes they expect we could potentially lose a lot more middle digit emails that would require a lot of embarrassing phone calls to the consumers that purchased.

So what I'm looking to assist them with is finding a way to ensure they they do not lose their customers credit-card information. I am NOT going to circumvent the system by storing the whole number. I'm not taking that liability. So how do I help them with this? That's the advice I really need.

Is there an outside solution that I can easily get them the cc information from their store in a more reliable manner? For example, could use us Authorize.net to securely pass the cc information at the point of order execution and still use their existing cc processor?

[DrByte]

I understand you are trying to counsel me to best practices. I appreciate that.

That's cool ... I'm also mindful that there will be others who come along to read this discussion afterwards too :)

Since the physical server is in a seperate location from the client, they've either got to use Authorize.net or the offline cc module.

Right now they do not want to use Authorize.net because their existing brick and mortar business uses a different solution and they do want to have another. ...

So what I'm looking to assist them with is finding a way to ensure they they do not lose their customers credit-card information. ...

Is there an outside solution that I can easily get them the cc information from their store in a more reliable manner? For example, could use us Authorize.net to securely pass the cc information at the point of order execution and still use their existing cc processor?

Well ... who are they using as a merchant account service provider? Does that provider offer an online live gateway service? That would be your best solution.

[MotoDelta]

I'll have to investigate that. presumably integration would require a custom payment module to be built for that?

[DrByte]

Perhaps ... it all depends who the provider is and whether a module is already available, or at least something close which can be adapted.