Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

CVV2 & Switch Contribution


Guest

Recommended Posts

I have installed the CVV2 and Switch Contribution and everything works fine the customers end, but when emails are sent to us to process we do not have the following information.

 

Credit card type

Credit card number

Name on the card

Expiry date

Start date for switch

Security code from back of card - CVV2

 

Can anyone please help me.

 

Cheers

 

J

Link to comment
Share on other sites

Why do you need all that info emailed to you? It is all available online.

 

Having it all sent via email would be quite a big security risk.

 

Most users will just have the middle 8 digits from the card number emailed to them, then collect the rest of the details from the order online.

 

Jon.

Link to comment
Share on other sites

The reason I asked this was because, when viewing the information via the backend, the page is not secure and my customer is worried about that.

 

What do you think is the best way to set it up.

 

Cheers

 

J

Link to comment
Share on other sites

Sending this information via email isn't very secure either, given how many gateways it can pass through to get to its destination.

 

On my site, the admin module has three layers of protection:

 

(1) The admin directory is password protected via an .htaccess file.

(2) I use the Administrators contribution to restrict access to the admin panel.

(3) All communication with the admin module is done via secure HTTPS (using SSL).

 

While I suppose you could send encrypted email messages, I believe the above methods are more useful in the long run.

 

Hope this helps,

 

Justin

Link to comment
Share on other sites

The first thing to do is to get the admin screens running via SSL.

- Is the site secure via SSL on the front end?

- Why can't the back end be SSL?

 

And if you haven't protected the admin directory, with .htaccess (or the administrators logon) then this is another priority - .htaccess would be the preferable option (though both is better). The other thing you can do is change the name of the admin directory.

 

Make sure the option to email the middle section of card numbers is also active.

 

You really do not want to send this information via email, even if it is encrypted.

 

Jon.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...