storing order Credit Card details?

[Paulus]

Hello There,

I'm a new Zenner from Melbourne Australia and I'm investigating whether this Cart is suitable for my Customer order requirements.

On researching this issue I found that the basic Credit Card module, used for Offline CC order processing is no longer included in Zen Cart because it does not meet the new PCI compliance requirements for ecommerce security.

I note the many posts recommending PayPal or other real live payment gateway services connected to a business merchant account but this is precisely what I do not want.

I simply want ZenCart to store the Customer Order and Card details which I can personally retrieve and process later at my convenience.

I'm an experienced online merchant and already have an online Cart which allows me to receive online Customer orders which I check and process offline by inputting the supplied customer Card details manually via my EFTPOS terminals.

I'm not expecting a free ride or free advice and I'm quite happy to pay a ZenCart developer to advise me in this issue.

If this is the wrong forum, could someone direct me to the correct one.

If a developer wants to contact me, please do so.

Thank you.

Paul Nonnis

[gilby]

You could combine zen-cart with this http://e-path.com.au/
It allows you to do offline processing.

[Paulus]

Thank you Gilby,

However e-Path is just another third party, hosted gateway which adds more costs, layers, HTTP requests, scripts and security risks.

Having a cheap, simple SSL certificate and administering Zen Cart's with this secure protocol does what e-Path does at a fraction of the cost.

The solution is a simple .php script, it's probably already there but I don't know where to look for it.

Thank you again, all the same.

Paul

[stevesh]

There's this:

http://www.zen-cart.com/downloads.php?do=file&id=893

There's a newer version on ceon's website.

It's your call, but I and many others would never even consider doing business with you if we knew you were handling our credit card details in such an insecure manner.

[kobra]

I simply want ZenCart to store the Customer Order and Card details

Storing card information on ANY web accessible platform is fully against PCI rules

[DrByte]

Having a cheap, simple SSL certificate and administering Zen Cart's with this secure protocol does what e-Path does at a fraction of the cost.

You are making an incorrect assumption.

An SSL certificate does NOT cause the customer-submitted data to be stored in a secure encrypted format.

To do what you desire requires AT MINIMUM an encryption method such as is used by the Ceon Manual Card plugin mentioned earlier. That's what I suggest you explore.
And then, to cross your T's and dot your i's, I strongly recommend that you talk to your merchant account company (your EFTPOS provider) to get specific confirmation whether they're content with your solution, SPECIFICALLY whether they're willing to deem your solution as acceptable from a PCI risk (fraud risk). INDEED THIS IS THE MOST IMPORTANT PART ... since no matter what "solution" you decide to embrace, you need something that will not put your business at risk if your webserver got hacked.

[Paulus]

Thanks Stevesh,

The Ceon module looks promising, I'll test it out and see if it does what I want it to do.

As for security, we've made 37k+ online sales over 7 years and never, ever had a single Card problem.

That's because we personally control all our orders and transactions which we we process manually and offline.

So far as my online business is concerned, I will never ever ever, allow outside third parties to know, process or otherwise know my Customers' Card details.

Of course, everyone is free to run his or her own as he or she sees fit.

Regards,

Paul.

[Paulus]

Thanks Kobra,

I'll suss out the Ceon Manual Card as suggested herein.

By the by, I've sold online to Verisign and Trustico, they never asked about PCI compliance.

Nevertheless, I thank you for your valid, appropriate and applicable comment.

Paul.

[Paulus]

Thank you DrByte,

I never stated or assumed that SSL Certificates encrypt data, merely the communication thereof.

I'll certainly install and test out the Ceon Manual Card module as you and others have kindly suggested.

However the worst thing I could do for my business is to allow those cretins at my Bank or Paypal to meddle or interfere with my online transactions.

As intimated earlier, I'm a seasoned online trader and have multiple Merchant Accounts and several EFTPOS terminals.

We manually process all VISA, MCD & AMX payments through our EFTPOS terminals and the transactions are either approved or declined.

There is absolutely no fraud risk whatsoever because if payment is declined (about 7%) nothing's shipped out.

I've never had a dodgy sale or bad Card in 7 years with this manual system .

But I remember having many problems with Paypal when I used their horrendous gateways when I first started.

Nevertheless, I appreciate your comments.

Thank you.

Paul.