wkdwich Posted August 2, 2006 Share Posted August 2, 2006 I had a major discussion with a client over the split credit card email, I thought she understood my reasonsing that she was violating the Visa/Master/Amex consortium rules by not wanting to use this. I completely explained that by not using this feature, she was putting her business, her customers, my server and all the other hosted sites at a high security risk, that I would not allow this on my server. Her reasoning was it was too much work to print the second mail and then shred it later. "unacceptable I can not do business like this, I MUST have the full CC info on the invoice" I thought she had a change of heart over the matter since she said nothing after that conversation several days ago. The site went live tonight and I went in to keep an eye on things for a bit and saw she removed the email address from the split option field in the credit card module. So now all the orders might have been stored in violation had I not seen this and changed it back. Her answer is she will remove the orders immediately.. but the fact they are stored like that for ANY length of time is just BAD.. My thoughts are I want to go in and set the email address (once more for good measure) for the split CC, then remove that from the Admin CC module EDIT screen so she can not turn it off again.. Will the following break anything?? catalog\includes\modules\payment\cc.php function keys() { return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_EMAIL', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER'); // remove the split option from admin uncomment below and comment out above // return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER'); Debbie DFranklin County, VA "Moonshine Capitol of the World"osCmax Mobile Template oscmaxtemplates.com Link to comment Share on other sites More sharing options...
Dutch317 Posted August 2, 2006 Share Posted August 2, 2006 From what I can tell in order to remove the option from the admin area you would have to remove the 'MODULE_PAYMENT_CC_EMAIL', go from return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_EMAIL', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER'); to return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER'); that should keep it from breaking but if for some reason she would remove and reinstall the cc module the email address would be gone from the database and never entered back in. To avoid this you would have to change both the function before_process() and function after_process() from an "if ( (defined" statement to either a hard coded email address or pull it from the database in another place. If she insists on having the full credit card on file couldnt you use a Credit Card Number Encryption mod such as contributions 4359? Link to comment Share on other sites More sharing options...
wkdwich Posted August 2, 2006 Author Share Posted August 2, 2006 From what I can tell in order to remove the option from the admin area you would have to remove the 'MODULE_PAYMENT_CC_EMAIL', go from return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_EMAIL', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER'); to return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER'); OK thats what I had.. while I suppose there is a chance she will un/reinstall I think once she hears from me in the morning .. oopps I am so angry it IS morning here in NY.. that she will either head or take her cart elsewhere.. If she insists on having the full credit card on file couldnt you use a Credit Card Number Encryption mod such as contributions 4359? I'll look into that option.. but I REALLY don't want to make any further MODs to this cart.. unless I have to AND she's gonna pay for my time.. we'll see.. thanks for the feedback.. Debbie DFranklin County, VA "Moonshine Capitol of the World"osCmax Mobile Template oscmaxtemplates.com Link to comment Share on other sites More sharing options...
simplytaty Posted August 8, 2006 Share Posted August 8, 2006 What are the Visa/Master/Amex consortium rules? Link to comment Share on other sites More sharing options...
wkdwich Posted August 8, 2006 Author Share Posted August 8, 2006 What are the Visa/Master/Amex consortium rules? FYI my client relented and is using the split card utility.. The rules are very explicit about not storing card numbers CVV codes etc online.. http://www.usa.visa.com/download/business/...a_merchants.pdf bottom of page 12 or try here: http://www.usa.visa.com/business/index.html right most column, click new acceptance bottom of that page click Merchant Responsibility right gray box, bottom, click the pdf file link Debbie DFranklin County, VA "Moonshine Capitol of the World"osCmax Mobile Template oscmaxtemplates.com Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.