Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

CC Payment Module for accepting CC


Forestshopkeeper

Recommended Posts

I am curious as to the security of using SSL on the site and using the CC payment module without a gateway.

What do I have to do to secure the CC numbers entered into the site. I have been reading and am aware that the consensus is to use a gateway, but I am not ready for that. I just want to know if using the SSL will secure the transaction and what else I have to do security wise?

Jim

Link to comment
Share on other sites

SSL only secures communication between the customer's computer and your webserver. Using the stock CC module once they have sent their CC details in their order they are stored unencrytped in your database or sent via plain text email. SSL or not will not change this. This means they are vulnerable to hackers obtaining peoples card details. Storing details in this manner is against Visa/mastercard's regulations (PCI) - they have extensive requirements (such as details stored on a separate server to the webserver, inaccesible over the internet, physically secure, detailed audit of all access etc etc) and you if caught you could lose your merchant account or even a large fine - gateways/payment processors take on the costs and risks on your behalf.

Link to comment
Share on other sites

SSL only secures communication between the customer's computer and your webserver. Using the stock CC module once they have sent their CC details in their order they are stored unencrytped in your database or sent via plain text email. SSL or not will not change this. This means they are vulnerable to hackers obtaining peoples card details. Storing details in this manner is against Visa/mastercard's regulations (PCI) - they have extensive requirements (such as details stored on a separate server to the webserver, inaccesible over the internet, physically secure, detailed audit of all access etc etc) and you if caught you could lose your merchant account or even a large fine - gateways/payment processors take on the costs and risks on your behalf.

Thank you Tom. That is good info to get me started.

Jim

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...