hillzzz
Posted January 29, 2009

Hi all,

Please excuse a newbie to osCommerce. I have built a number of eCommerce sites since my first in 1995, using first Minivend and then Interchange. However, recently I have heard good things about osCommerce, so despite not being fluent in PHP I thought I would give it a try. So far I like what I see, but I have hit a snag and so I respectfully ask for help from the forum.

I would like to process my card payments off line. I already have permission from the bank to do cardholder-not-present payments; what I would like is to have a PCI compliant module that will allow me to do this. But I cannot find one for osCommerce.

The Interchange cart can be configured to encrypt all the card data all the time: in transit via SSL, and then both in memory on the server and in the email it sends containing the order details, using PGP or GNUPGP. The card data is never stored on the database and can only be decoded with the correct private PGP key. This seems to me to be pretty secure, and sites using this approach have been certified as compliant in the past.

I would like to know if the same or a similar approach would be possible, or has been done, for a module in osCommerce. It would seem that plenty of folks want to do the same thing, and if a compliant method for doing encrypted credit card processing to support off-line payment processing exists or could be written, then a lot of people would be happy.

I helped write a Protx gateway for Interchange a while back, but since I am learning PHP as well as installing osCommerce for the first time I have a mountain to climb, so if anyone feels like giving this newbie a hand I would be very grateful for the help and advice.

Hillzzz

toyicebear
Posted January 30, 2009

There are modules for osCommerce which do encrypt the cc data.

But if you are on a hosting service and/or virtual server type set-ups, you cannot store it and be PCI compliant anyway. You will need a dedicated server as a minimum.

And you cannot store the CVV/3 digit security code in any shape or form.

This goes for any cart system you want to use.

hillzzz (Author)
Posted January 30, 2009

> There are modules for osCommerce which do encrypt the cc data.
>
> But if you are on a hosting service and/or virtual server type set-ups, you cannot store it and be PCI compliant anyway. You will need a dedicated server as a minimum.
>
> And you cannot store the CVV/3 digit security code in any shape or form.
>
> This goes for any cart system you want to use.

Hi toyicebear,

Thanks for your prompt and helpful reply. I will be running the site on my own dedicated server, which is fully fire-walled and protected as far as it's possible to be. I will be using Ubuntu 64 bit server edition on a HP Proliant server.

I am aware of the storage restrictions on CVV2/3 numbers, and while in transit they will be encrypted and will not be stored in any form except briefly as 1024 bit encrypted variables during form processing. If you think about it, the commercial payment gateways must at least store these same numbers briefly during processing. I think 1024 bit PGP is as secure as you are going to get from a practical point of view, otherwise the US Government would not have given Mr Zimmermann such a hard time all those years.

Can I ask which encrypted payment module you would recommend I look at? I have been trawling through the payment modules, but I would rather ask the advice of someone more experienced with osCommerce than me.

regards,
Hillzzz
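
The arrangement described in the first post (card details encrypted to a public key before they leave the web server, readable only with a private key kept elsewhere, nothing written to the database), combined with the no-CVV-storage rule from the reply, shown as an added PHP example that is not code from osCommerce, Interchange or any poster in this thread. It uses PHP's OpenSSL functions for hybrid RSA-OAEP plus AES-256-GCM encryption in place of PGP/GnuPG, and the function names, field names and sample order are constructed for illustration.

```php
<?php
// Added example. OpenSSL hybrid encryption stands in for PGP/GnuPG here;
// function names, field names and sample values are all constructed.

function seal_card_for_email(array $card, string $publicKeyPem): string
{
    unset($card['cvv']);              // security code is never written out
    $key = random_bytes(32);          // one-time AES-256 key for this order
    $iv  = random_bytes(12);
    $ct  = openssl_encrypt(json_encode($card), 'aes-256-gcm', $key,
                           OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false || !openssl_public_encrypt(
            $key, $wrapped, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed');
    }
    // Only this envelope goes into the order e-mail; nothing hits the database.
    return base64_encode(json_encode(array_map('base64_encode',
        ['k' => $wrapped, 'iv' => $iv, 't' => $tag, 'c' => $ct])));
}

function open_card_offline(string $envelope, string $privateKeyPem): array
{
    $p = array_map('base64_decode', json_decode(base64_decode($envelope), true));
    if (!openssl_private_decrypt($p['k'], $key, $privateKeyPem,
                                 OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('wrong private key');
    }
    $plain = openssl_decrypt($p['c'], 'aes-256-gcm', $key,
                             OPENSSL_RAW_DATA, $p['iv'], $p['t']);
    if ($plain === false) {
        throw new RuntimeException('envelope failed authentication');
    }
    return json_decode($plain, true);
}

// Demo key pair made in-process so the script runs stand-alone. In the scheme
// described, the web server would hold only the public key.
$pair = openssl_pkey_new(['private_key_bits' => 3072,
                          'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

// Constructed order; 4111111111111111 is a widely used test number.
$order = ['name' => 'A Customer', 'pan' => '4111111111111111',
          'exp' => '12/30', 'cvv' => '123'];
$mailBody = seal_card_for_email($order, $publicPem);
$decoded  = open_card_offline($mailBody, $privatePem);
var_dump($decoded['pan'] === $order['pan'], isset($decoded['cvv']));
```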