Conner,
Thanks.....
Thanks Connor
How is the ceon module more secure or PCI compliant than the regular offline cc processing of 1.3.8?
We use the offline cc processing only with sending the middle digits in an email - is there a difference between the 2 then??
Thanks,
Leora
It's optionally more secure because you can use Blowfish to encrypt the data in the session. It's not more PCI-compliant, because this approach isn't compliant (which is why it has been removed from the core code).
Kuroi Web Design and Development | Twitter
(Questions answered in the forum only - so that any forum member can benefit - not by personal message)
Apart from being more robustly written, more attention has been paid to the manner in which the ccard data is transmitted.
CEON's module allows for encryption (if your server has blowfish), which makes it a little more secure... but the fundamental issue of offline card payment still exists.
Regardless of the reliability of the offline module used, the issue remains with HOW the physical data relating to ccards is handled by PEOPLE.
With any offline system, real human beings are part of the link... and that poses very serious security risks. These risks are greatly minimized when the card processing happens through purely "electronic" means.
It is always better to use gateways, and the use of an offline system should really only be a "last resort" decision, and should be made reluctantly, and with a view to resolving any gateway impediments as soon as possible.
20 years a Zencart User
Thanks - got it.
Leora
There's no reason why off-line payment processing cannot be done securely, especially in a small company -- and I'd venture to suggest that most Zen Cart installs are owned by small companies.
In our case it's just my wife and I and we use a very particular and secure method of dealing with the CC data, including deleting it the moment it's served its purpose -- secure delete, I should add. And there is never any paper copy to forget to dispose of.
I wouldn't want to try this in a larger company, but a larger company can afford an on-line processing solution.
Rob
Hi,
Although I wrote the Ceon Manual Card module I don't actually advocate its use.
Manual card solutions are almost always in breach of your merchant account provider's terms and conditions.. whether they're secure or not they are not a professional way to take card payments on the internet.
You are always advised to use a professional payment gateway!
All the best..
Conor
ceon
A big advantage of using an offline method is that the fees are normally less than half what an online processor charges.
As well you can check each order for potential fraud before processing the card.
Here in Oz you get charged another fee again to refund the card
(makes paypal look good in that respect)
To get the PCI compliance you can use an offline card processor such as e-path(dot)com
Hi,
I would say that's the primary advantage.. if your merchant account allows you to take details online and process them offline (here in the UK I don't think any do).
I personally think the reason you're able to do that is a disadvantage rather than an advantage but that's because I like as much of our business as possible to be automated.
That's possibly the only thing ever that makes PayPal look good! It's an awful company! We only use it as we have no choice.. I'm sure most other businesses are the same. It is good that they don't charge for refunds but then they can afford to since they rip you off at every other opportunity!
There's also a fee here to refund with merchant accounts.. thankfully it's rather small but I'm sure you agree with me that it seems unfair to charge a business for a transaction that didn't happen in the end!
Never heard of an offline processor that offers PCI compliance before. PCI compliance is a complete joke and is essentially card companies skimming money off other hard working companies in my opinion but unfortunately it's forced upon us so the card companies can get richer so if there are companies which offer offline processing with compliance that could be a decent alternative to a full payment gateway! I'll check out the link you've given.
All the best..
Conor
ceon