Security of Credit Information

[Guest]

Hi all,

 

Just trying to clarify a point on oscommerce.

 

If you use paypal modules or something similiar, is all the payment processing done on their site?

 

So in effect you do not have any sensitive information stored in the commerce site itself?

 

Also, has oscommerce been pen tested?

 

 

If this is the wrong forum, please could you point me in the right direction.

 

 

Thanks

[tp-ePay]

Hello Nathan!

 

No, the payment is processed through a secure connection (SSL) to the payment gateway or processor. When the customer is entering his card information on a website, the information is sent to the payment gateway or directly to the processor (e.g. Visa). The customer is receiving an answer back instantly whether the payment is approved or not.

 

You can as merchant only handle the card information your self, if you are PCI compliant. Most companies uses a payment gateway to avoid this PCI approval process.

 

The osCommerce has off all I'm aware of NOT been pen tested. But you can try to contact them about this. But if you are worried about this, you should first of all check your hosting supplier and/or your own servers. If your website/system is hacked, it’s not the shop systems there will be their first entrance / choice... :)

 

Should you have any questions regarding PCI or how to accept online payments on your website, please don't hesitate to contact me.

[WoodsWalker]

Bear in mind that SSL only protects information in transit - not once it is sitting on a server.

 

Also, beware of trusting tips given by someone who is promoting services, as Shrik Tom so obviously is was.

[Guest]

Bear in mind that SSL only protects information in transit - not once it is sitting on a server.

 

Also, beware of trusting tips given by someone who is promoting services, as Shrik Tom so obviously is.

Yea, I think he is spamming.