paulrichards19
Posted February 26, 2007

I'm just getting into osCommerce and thinking about switching my site to it. I can't find anything in the documentation on how the credit card module works. Is it safe to use? Obviously I would have to use an SSL connection. Are there any contributions that improve on it? I'm only a small shop and could cope with the orders through my own chip & PIN machine.

Guest
Posted February 27, 2007

"Is it safe to use?"

In a word, no. (IMHO)

The module stores part of the credit card number unencrypted in the database and emails the other part (again unencrypted) to the store owner. This is very insecure and, if there were ever any problems, would leave you open to not only losing your merchant account but also a large fine.

You will probably find that your contract for your physical terminal merchant account will not cover you to take internet orders - most merchants require you to have a separate account specifically for internet orders.

There are contributions to help encrypt credit card details / remove them from the DB afterwards, but neither would satisfy Visa / Mastercard's "PCI" regulations (briefly - if you are storing any credit card details you are required to have an inspection at least annually to test the security of your systems - the database server is required to be separate from the web server (physically) and has to be a dedicated server, access to the database server must be restricted both physically and via software with full audit trails, etc. etc.).

The simplest, securest solution is to process your payments electronically - most small stores start with PayPal, migrating to merchant account + payment gateway.

Tom