adhwebcr Posted August 7, 2010 Share Posted August 7, 2010 Hi guys, Really need help with this asap. installed everything and doubled checked 10 times but after the checkout_payment.php page i press continue and get a completely blank, broken page no matter which payment method i choose. Any ideas? thanks Ashley Quote Link to comment Share on other sites More sharing options...
adhwebcr Posted August 7, 2010 Share Posted August 7, 2010 Hi guys, Really need help with this asap. installed everything and doubled checked 10 times but after the checkout_payment.php page i press continue and get a completely blank, broken page no matter which payment method i choose. Any ideas? thanks Ashley Further to this i've worked out it's something to do with this part in checkout_confirmation: require(DIR_WS_CLASSES . 'order_total.php'); $order_total_modules = new order_total; $order_total_modules->process(); As when i take that out the page doesn't break although obviously there's no order totals on the page. any help would be much appreciated as i was up until about 4 this morning trying to work it out and this is not how i want to spend my saturday. Thanks Ashley Quote Link to comment Share on other sites More sharing options...
lironofer Posted October 4, 2010 Share Posted October 4, 2010 in the admin orders i am only getting: Credit Card Type: Visa Credit Card Owner: test person Credit Card Number: 4111XXXXXXXX1111 Credit Card Expires: 0111 no cvv number?? can some one please help or give some ideas why. i have checked all the code dont know where to look next? Can anyone help? I have the same problem. Quote Link to comment Share on other sites More sharing options...
kylewa Posted October 19, 2010 Share Posted October 19, 2010 I can't seem to find any downloads for CCV that work at all. Even tried one where you have to put all the code in as instructed and it doesnt work either.. Anyone get it working???? id really like a copy of your files if you did get it working. I really need this to accept credit card orders.. PLEASE HELP Quote Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted October 19, 2010 Share Posted October 19, 2010 (edited) You won't find probably 2-3 people here that use it still because of the new PCI requirements. Most use an off site processor. It is much easier. Edited October 19, 2010 by mdtaylorlrim Quote Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
powerdrive Posted July 19, 2011 Share Posted July 19, 2011 Rather than putting the CVV into the database and deleteing it afterwards, can it be sent in an encrypted email separate from the order email? Similar to how the card number is split. mrbyte 1 Quote Link to comment Share on other sites More sharing options...
Guest Posted July 19, 2011 Share Posted July 19, 2011 You COULD do that, but you would still need to be PCI DSS compliant to receive/store that information in the email client. Chris Quote Link to comment Share on other sites More sharing options...
HappyPappy Posted August 9, 2011 Share Posted August 9, 2011 The official line from PCI is you do not need to do anything to protect the CVV in a temporary or permanent stored situation. In fact, in PCI DSS v 2.0 they mention protection for PIN and CVV as "N/A". And why is this so you may ask ... Because you will NEVER have the CVV or PIN in the fist place, therefore, protecting something you don't have in your possession is "N/A". The CVV must NEVER NEVER NEVER be stored either temporarily of permanently, either encrypted or not, either broken up (truncated) or complete. In short, you can NOT capture the CVV in any way, shape or form under any circumstances. Period. People are getting mixed up with the "live" online processing of credit cards i.e., the direct live communication between gateway and the merchant account for processing of credit cards instantly on the internet - this DOES REQUIRE the CVV to be entered. But we are not talking about live online credit card processing. We are talking about capturing credit card details to enable the business owner to then charge the card via another means, perhaps offline or into their existing merchant account facility or into a terminal. It is important to understand the difference in order for you to follow what I am saying here. And there is a HUGE difference, one system transacts live online totally without you knowing, the other you control the charging and its cheaper. If you have a merchant account that "requires" the CVV to be entered and won't let you charge the card without it, then it is not a merchant account approved to charge card not present credit card payments received. You not only risk the wrath of acting illegally under PCI but if your merchant account provider finds out then I would not like to be you. Now, if your merchant account is approved to allow you to charge through it credit card payments received by card not present means - some term this as a MOTO enabled your merchant account - (mail order telephone order), then it can not possibly require the CVV to be entered. It may still ask for it but leave it blank and it will process the charge without it. But lets say you have a MOTO enabled merchant account or a terminal, one that allows you to charge card not present payments received, and it still requires you to enter in the CVV, it won't let you charge the card without the CVV. Well, dump that merchant account provider because they are about to be taken out of business by the card vendors themselves. Let me explain. For starters that would mean they are forcing you to act illegally under PCI. In otherwords, they are forcing you to somehow capture the CVV for you to have it in your possession in some way to have it to enter into your merchant account to charge the card. But this is 100% ILLEGAL under PCI - if you do that you are setting yourself up for fines and you could lose your right to processes Visa, Master Card and American Express Cards for good. If this is you then I suggest ringing your merchant account provider up and ask them directly .. "How do you suggest I capture and temporarily store the CVV so I will have it to enter into your merchant account facility when I charge the card?" They will not be able to answer that because what their advice would be would have to be to you would be for you to act illegally. And if they did this and Visa or any of the other card vendors found out about it, they would be finished, big time. If you are a developer and are setting something up for your client to manually capture the CVV, if and when they get caught they could simply put their hands in the air and say "its not our fault, our developer did this" so make sure you've got a huge amount of money in the bank to pay the fine!!! My three osc's do things manually, I like being in total control of what I accept online and I process offline into my MOTO approved terminal. I use a proper manual payment gateway to handle credit cards online. I'm not going to mention them because I don't want to be seen as promoting them as I've mentioned them in almost all of my posts so far (I don't want to get into trouble with moderators). My advice is simple, just make sure do things the rght way and make sure your merchant account provider is also doing things the right way. It's not that hard. Cheers Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted August 9, 2011 Share Posted August 9, 2011 The only time CVV can be entered manually into a terminal is if the customer stands in-front of you with their card, showing you the cvv or giving you the card so that you can read it and enter it in directly into the terminal, or you are talking to them on the telephone and they tell you the CVV number and you input it directly into the terminal. As the poster mentioned above it can not be stored, written down or otherwise "saved". Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
HappyPappy Posted August 9, 2011 Share Posted August 9, 2011 The only time CVV can be entered manually into a terminal is if the customer stands in-front of you with their card, showing you the cvv or giving you the card so that you can read it and enter it in directly into the terminal, or you are talking to them on the telephone and they tell you the CVV number and you input it directly into the terminal. As the poster mentioned above it can not be stored, written down or otherwise "saved". Absolutely correct Nick. If people have a merchabnt account they use to charge credit cards received by card not present means, i.e., from a proper PCI compliant manual payment gateway, a fax machine, physical mail order or over the telephone where they charge the card after they have had time to verify things themselves, then they only need to ensure their merchant account is enabled for this. Like I said before, some term this is MOTO (mail order telephone order) enabling your merchant account. Once this is done the merchant account (terminal or online virtual terminal) will not (it's not allowed to) require the CVV to be entered to charge the card, although it may still ask for it for those times as Nick has mentioned above. You will then not have to worry about anything to do with CVV because it is not part of the official scheme when you manually (MOTO) process credit cards. And you will be be complying with PCI (assuming your oscommerce site doesn't touch or see the cc data and you destroy the card data once you charge the card of course). Here's to staying safe everyone ... :thumbsup: Cheers Quote Link to comment Share on other sites More sharing options...
thall89553 Posted September 8, 2011 Share Posted September 8, 2011 I went through the twenty steps to install this add on but am confused in that I do not see a CVV form field on my checkout_payment.php page. I see the name, card number, expiration month & year, BUT NO CVV field. Also, I see these lines of code put out a form field and some text, but where can I modify what is being put out? Is this "$selection[$i]['fields'][$j]['title']" a fucntion call? for ($j=0, $n2=sizeof($selection[$i]['fields']); $j<$n2; $j++) { echo $selection[$i]['fields'][$j]['title']; echo $selection[$i]['fields'][$j]['field']; } Thanks. Tom Quote Link to comment Share on other sites More sharing options...
germ Posted September 8, 2011 Share Posted September 8, 2011 The official line from PCI is you do not need to do anything to protect the CVV in a temporary or permanent stored situation. In fact, in PCI DSS v 2.0 they mention protection for PIN and CVV as "N/A". And why is this so you may ask ... Because you will NEVER have the CVV or PIN in the fist place, therefore, protecting something you don't have in your possession is "N/A". The CVV must NEVER NEVER NEVER be stored either temporarily of permanently, either encrypted or not, either broken up (truncated) or complete. In short, you can NOT capture the CVV in any way, shape or form under any circumstances. Period. People are getting mixed up with the "live" online processing of credit cards i.e., the direct live communication between gateway and the merchant account for processing of credit cards instantly on the internet - this DOES REQUIRE the CVV to be entered. But we are not talking about live online credit card processing. We are talking about capturing credit card details to enable the business owner to then charge the card via another means, perhaps offline or into their existing merchant account facility or into a terminal. It is important to understand the difference in order for you to follow what I am saying here. And there is a HUGE difference, one system transacts live online totally without you knowing, the other you control the charging and its cheaper. If you have a merchant account that "requires" the CVV to be entered and won't let you charge the card without it, then it is not a merchant account approved to charge card not present credit card payments received. You not only risk the wrath of acting illegally under PCI but if your merchant account provider finds out then I would not like to be you. Now, if your merchant account is approved to allow you to charge through it credit card payments received by card not present means - some term this as a MOTO enabled your merchant account - (mail order telephone order), then it can not possibly require the CVV to be entered. It may still ask for it but leave it blank and it will process the charge without it. But lets say you have a MOTO enabled merchant account or a terminal, one that allows you to charge card not present payments received, and it still requires you to enter in the CVV, it won't let you charge the card without the CVV. Well, dump that merchant account provider because they are about to be taken out of business by the card vendors themselves. Let me explain. For starters that would mean they are forcing you to act illegally under PCI. In otherwords, they are forcing you to somehow capture the CVV for you to have it in your possession in some way to have it to enter into your merchant account to charge the card. But this is 100% ILLEGAL under PCI - if you do that you are setting yourself up for fines and you could lose your right to processes Visa, Master Card and American Express Cards for good. If this is you then I suggest ringing your merchant account provider up and ask them directly .. "How do you suggest I capture and temporarily store the CVV so I will have it to enter into your merchant account facility when I charge the card?" They will not be able to answer that because what their advice would be would have to be to you would be for you to act illegally. And if they did this and Visa or any of the other card vendors found out about it, they would be finished, big time. If you are a developer and are setting something up for your client to manually capture the CVV, if and when they get caught they could simply put their hands in the air and say "its not our fault, our developer did this" so make sure you've got a huge amount of money in the bank to pay the fine!!! My three osc's do things manually, I like being in total control of what I accept online and I process offline into my MOTO approved terminal. I use a proper manual payment gateway to handle credit cards online. I'm not going to mention them because I don't want to be seen as promoting them as I've mentioned them in almost all of my posts so far (I don't want to get into trouble with moderators). My advice is simple, just make sure do things the rght way and make sure your merchant account provider is also doing things the right way. It's not that hard. Cheers The only time CVV can be entered manually into a terminal is if the customer stands in-front of you with their card, showing you the cvv or giving you the card so that you can read it and enter it in directly into the terminal, or you are talking to them on the telephone and they tell you the CVV number and you input it directly into the terminal. As the poster mentioned above it can not be stored, written down or otherwise "saved". Quote If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
ben.maleki Posted January 22, 2012 Share Posted January 22, 2012 Does anyone know if this version works with osCommerce 2.3.1? Quote Link to comment Share on other sites More sharing options...
Guest Posted January 22, 2012 Share Posted January 22, 2012 @@ben.maleki, The module was removed from the v2.3.1 release. It violates PCI DSS laws now enforced in most of North America. Chris Quote Link to comment Share on other sites More sharing options...
ben.maleki Posted January 22, 2012 Share Posted January 22, 2012 what's the best alternative? PayPal Quote Link to comment Share on other sites More sharing options...
Guest Posted January 22, 2012 Share Posted January 22, 2012 @@ben.maleki, You can use any of the available online processors, or you can become PCI DSS compliant and install an on site credit card module. Chris Quote Link to comment Share on other sites More sharing options...
ben.maleki Posted January 22, 2012 Share Posted January 22, 2012 my web designer installed this version on my website what is the best way to remove it? can I just remove it from the admin page in the Payment Modules? Quote Link to comment Share on other sites More sharing options...
Guest Posted January 22, 2012 Share Posted January 22, 2012 @@ben.maleki, You can delete the module from the /includes/modules/payment/ and the /includes/languages/english/modules/payment/ directories and THEN, you will need to remove the tables from the database. This is the crucial part because that is where the data is stored. Chris Quote Link to comment Share on other sites More sharing options...
ben.maleki Posted January 22, 2012 Share Posted January 22, 2012 can you tell me how to remove it from the database? is it as easy as installing it to the database? Quote Link to comment Share on other sites More sharing options...
ggrant3 Posted February 3, 2012 Share Posted February 3, 2012 So is there a contribution for v 2.3 to collect the card number so it can be entered manually into an existing merchant account/terminal (without the cvv)? I know in v2.2 there is a contribution (I think it may be this one) that splits the card # and stores the first 4 and the last 4 #'s in the db and then emails the middle 8 digits, that way the whole number is not stored. Is there a contribution like that for v2.3? I haven't upgraded to v2.3 yet and I have been considering it the past few days, but I already have a merchant account in my store and getting a separate one just for the osc site doesn't make sense to me (if you are even allowed to have two merchant accounts) Quote Link to comment Share on other sites More sharing options...
Guest Posted February 3, 2012 Share Posted February 3, 2012 @@ggrant3, I know in v2.2 there is a contribution (I think it may be this one) that splits the card # and stores the first 4 and the last 4 #'s in the db and then emails the middle 8 digits, that way the whole number is not stored. Is there a contribution like that for v2.3? The contribution for 2.2 could be updated for use with v2.3.1, HOWEVER when the contribution for v2.2 was created there was no LAW against the collection and processing of credit card information. The contribution use is NOT suggested. Read about PCI DSS compliance here. It may vasy slightly depending on the state/ province you are located in, but the basics are presented in that link. Chris Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted February 3, 2012 Share Posted February 3, 2012 So is there a contribution for v 2.3 to collect the card number so it can be entered manually into an existing merchant account/terminal (without the cvv)? I know in v2.2 there is a contribution (I think it may be this one) that splits the card # and stores the first 4 and the last 4 #'s in the db and then emails the middle 8 digits, that way the whole number is not stored. Is there a contribution like that for v2.3? I haven't upgraded to v2.3 yet and I have been considering it the past few days, but I already have a merchant account in my store and getting a separate one just for the osc site doesn't make sense to me (if you are even allowed to have two merchant accounts) Close to any 2.2 module can be made to work with 2.3.1 , but in most cases you dont need to get a new "merchant account" you can simply talk to your current provider and ask them about also using it with an online shop and what payment gateways they are compatible with.... Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
ggrant3 Posted February 3, 2012 Share Posted February 3, 2012 Close to any 2.2 module can be made to work with 2.3.1 , but in most cases you dont need to get a new "merchant account" you can simply talk to your current provider and ask them about also using it with an online shop and what payment gateways they are compatible with.... Right now I am just using Paypal's virtual terminal. That way I can process someone in front of me or a mail/phone/website order. So I guess it would be safe to assume that osc has a contribution that would use my paypal account to automatically process a site order, right? I just get overwhelmed trying to figure out all the terminology and getting everything setup, although I may very well be making it out to be harder than it really is. I just want it "seamless" for the customer because I use to use some kind of paypal payment system they have (with my old html site) and when a customer got to the payment process they got confused because they were getting redirected to Paypal's site. And they got nervous or said they didn't want to pay via paypal (thinking Paypal itself was their only option), because it would show a login in screen for Paypal and have a very small text link saying they could pay without logging in or creating a paypal account, but it confused at least 80% of my customers. Is there a straight forward (proven to work fine, without bugs) paypal integrated payment contribution, that you could recommend? Or is that built into osc already maybe? Quote Link to comment Share on other sites More sharing options...
Guest Posted February 3, 2012 Share Posted February 3, 2012 @@ggrant3, There are MANY payment methods built into osCommerce v2.3.1, including several versions of osCommerce. You should be able to find one that suits your needs. Chris Quote Link to comment Share on other sites More sharing options...
ggrant3 Posted February 14, 2012 Share Posted February 14, 2012 Okay so I need a little more clarification with this. I see collecting the CVV is bad. In the contribution that I have, there is an option to turn the CVV requirement on/off. So I have it set to off now. But is it still considered "bad/illegal" to have the customer enter their credit card information onto my site and then have the middle 8 digits striped from the order and emailed to me separately so I can maually enter their credit card information (like a phone order would be processed)? Since nothing crucil is then stored on the database (only the first and last 4 digits and the exp date, which would be uselss) is this okay or not okay? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.