osCommerce

Posted

I'm just getting into osCommerce and thinking about switching my site to it.

 

I can't find anything in the documentation on how the credit card module works.

 

Is it safe to use? Obviously I would have to use an SSL connection. Are there any contributions that improve on it? I'm only a small shop and could cope with the orders through my own chip & pin machine.

Posted

"Is it safe to use?"

In a word, No. (IMHO)

 

The module stores part of the credit card number unencrypted in the database and emails the other part (again unencrypted) to the store owner. This is very insecure and, if there were ever any problems, would leave you open to not only losing your merchant account but also a large fine. You will probably find that your contract for your physical terminal merchant account will not cover you to take internet orders - most merchants require you to have a separate account specifically for internet orders.

 

There are contributions to help encrypt credit card details / remove them from the DB afterwards, but neither would satisfy Visa / Mastercard's "PCI" regulations (briefly - if you are storing any credit card details you are required to have an inspection at least annually to test the security of your systems - the database server is required to be separate to the web server (physically) and has to be a dedicated server, access to the database server must be restricted both physically and via software with full audit trails etc etc).

 

The simplest, most secure solution is to process your payments electronically - most small stores start with PayPal, migrating to merchant account + payment gateway.

 

Tom
