Rubin Remus Posted June 19, 2009

Hello everybody,

I am currently building a site for a client who requires payment details to be e-mailed to him. Before everybody explains how insecure this can be, I'll shed a little more light on the subject. He is very aware of the dangers of transmitting and storing unencrypted data and non-PCI Compliant information, but I need to figure out a way to make this be PCI Compliant.

The reason he wants them e-mailed to him is because he is selling stock from a shop as well as online, and if he sells the last of a particular item from stock in the shop, and ten minutes later somebody purchases it online, typically, payment will be taken at that point, and he'll have to refund it, or order it in, and his suppliers can't be too quick with their deliveries at times. In the UK it is illegal for him to say that he has it in stock if there's a chance that he doesn't, so he'd rather have the details and process it as CNP after despatch only.

OR, if the above isn't possible, is there a module which will allow him to process the payment online AFTER despatch?

To be honest, I would rather he used an off-site payment gateway for reasons of security, but he's the customer, I can't make that choice for him.

Any help, suggestions or advice would be superb!

Thanks for reading!

Rubin Remus Posted June 19, 2009

I have just found this contrib which seems like it will do exactly as I require, BUT, is it PCI-Compliant? Any ideas?

http://www.oscommerce.com/community/contri...elay+processing

Thanks!

Rubin Remus Posted June 19, 2009

Having installed it, I can answer my own question. It is NOT EVEN CLOSE to being PCI-Compliant! It stores the data in the database totally unencrypted and in plain text.

Does anyone know how to make this securely encrypted?

Thanks.

Guest Posted June 19, 2009

His best options would be to use a payment gateway and take deferred payments - I know SagePay can do this but I'm sure others can as well - that way the credit card is authorised but payment is not taken until "released" i.e. at the time of dispatch

Rubin Remus Posted June 19, 2009

> His best options would be to use a payment gateway and take deferred payments - I know SagePay can do this but I'm sure others can as well - that way the credit card is authorised but payment is not taken until "released" i.e. at the time of dispatch

This is exactly what I told him about an hour ago, and now he's gone for that, despite the extra expense. Thanks for your comment though, it made me a little more sure of myself!