Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Client not wanting to split the CC info


wkdwich

Recommended Posts

I had a major discussion with a client over the split credit card email, I thought she understood my reasonsing that she was violating the Visa/Master/Amex consortium rules by not wanting to use this. I completely explained that by not using this feature, she was putting her business, her customers, my server and all the other hosted sites at a high security risk, that I would not allow this on my server. Her reasoning was it was too much work to print the second mail and then shred it later. "unacceptable I can not do business like this, I MUST have the full CC info on the invoice"

 

I thought she had a change of heart over the matter since she said nothing after that conversation several days ago. The site went live tonight and I went in to keep an eye on things for a bit and saw she removed the email address from the split option field in the credit card module. So now all the orders might have been stored in violation had I not seen this and changed it back. Her answer is she will remove the orders immediately.. but the fact they are stored like that for ANY length of time is just BAD..

 

My thoughts are I want to go in and set the email address (once more for good measure) for the split CC, then remove that from the Admin CC module EDIT screen so she can not turn it off again..

 

 

Will the following break anything??

catalog\includes\modules\payment\cc.php

 

function keys() {
  return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_EMAIL', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER');
// remove the split option from admin uncomment below and comment out above
//	   return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER');

Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Link to comment
Share on other sites

From what I can tell in order to remove the option from the admin area you would have to remove the 'MODULE_PAYMENT_CC_EMAIL',

go from

return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_EMAIL', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER');

to

return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER');

 

that should keep it from breaking but if for some reason she would remove and reinstall the cc module the email address would be gone from the database and never entered back in. To avoid this you would have to change both the function before_process() and function after_process() from an "if ( (defined" statement to either a hard coded email address or pull it from the database in another place.

 

If she insists on having the full credit card on file couldnt you use a Credit Card Number Encryption mod such as contributions 4359?

Link to comment
Share on other sites

From what I can tell in order to remove the option from the admin area you would have to remove the 'MODULE_PAYMENT_CC_EMAIL',

go from

return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_EMAIL', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER');

to

return array('MODULE_PAYMENT_CC_STATUS', 'MODULE_PAYMENT_CC_ZONE', 'MODULE_PAYMENT_CC_ORDER_STATUS_ID', 'MODULE_PAYMENT_CC_SORT_ORDER');

 

OK thats what I had.. while I suppose there is a chance she will un/reinstall I think once she hears from me in the morning .. oopps I am so angry it IS morning here in NY.. that she will either head or take her cart elsewhere..

 

 

 

If she insists on having the full credit card on file couldnt you use a Credit Card Number Encryption mod such as contributions 4359?

 

I'll look into that option.. but I REALLY don't want to make any further MODs to this cart.. unless I have to AND she's gonna pay for my time.. we'll see..

 

 

thanks for the feedback..

Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Link to comment
Share on other sites

What are the Visa/Master/Amex consortium rules?

 

 

FYI my client relented and is using the split card utility..

 

The rules are very explicit about not storing card numbers CVV codes etc online..

 

http://www.usa.visa.com/download/business/...a_merchants.pdf

 

bottom of page 12

 

or try here:

http://www.usa.visa.com/business/index.html

 

right most column, click new acceptance

bottom of that page click

Merchant Responsibility

 

right gray box, bottom, click the pdf file link

Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...