Not Accepting AMEX

[ShawnP]

I'm looking to find out the way that I can have my OScommerce site accept only Visa and Mastercard. We continually have to call back customers that purchase items with AMEX because we don't accept it... can someone help? I can't find it in the payment module.

 

Thanks so much

 

Shawn

[♥mdtaylorlrim]

I'm looking to find out the way that I can have my OScommerce site accept only Visa and Mastercard. We continually have to call back customers that purchase items with AMEX because we don't accept it... can someone help? I can't find it in the payment module.

 

Thanks so much

 

Shawn

It sounds like you are using the stock Credit Card modules that comes with osC. Otherwise, what credit card processing module are you using?

[ShawnP]

yup.. I suppose I'm using the stock module. I haven't changed or upgraded anything. What do I need to do?

[♥mdtaylorlrim]

yup.. I suppose I'm using the stock module. I haven't changed or upgraded anything. What do I need to do?

Well the stock Credit Card module in osC is not for production use (it says that right there on it,) is very insecure, and does not pass PCI compliance testing.

 

You obviously have a way to process credit cards already. Check with your merchant account provider and tell them you want to do online sales. Quite likely, if you have not already, they will tell you what is required. Online sales carry a different risk factor and to do another class of sales usually requires a modification of your merchant account agreement. (If you continue to do online sales without their knowledge eventually you will get caught and run the risk of losing your account altogether.) And, they might even have a drop in module osCommerce. Otherwise, check the Add-Ons section of this site for contributions for your specific merchant card processor.

[ShawnP]

Well, I don't run cards from my site now through my merchant... we get the CC numbers half via email and half on the OSC site and then we physically run the cards in our office. I'm really just looking for a way that will eliminate the possibility that someone can imput an AMEX in the field.

 

Thanks for your help...

 

sp

[♥mdtaylorlrim]

we get the CC numbers half via email and half on the OSC site and then we physically run the cards in our office.

Still considered an online sale. Take the risk if you want..

[♥mdtaylorlrim]

yup.. I suppose I'm using the stock module. I haven't changed or upgraded anything. What do I need to do?

In addition, if you have not changed or upgraded anything, including applying any of the security patches, you could already have lost control of credit cards by now.. Please at least apply all the security patches to osC before it's too late.

[MrPhil]

we get the CC numbers half via email and half on the OSC site and then we physically run the cards in our office.

Hoo boy. When your bank finds out, they will hang you out to dry. Like, when someone's credit card number is stolen off your unsecured site and they report that they made an online purchase from you, and your bank says, "hey wait a minute... they aren't authorized to make online sales!"

 

As mentioned before, you do not use the CC module for production -- I don't even know why osC is still shipped with it. If you want to take credit cards, your best bet is to use a third-party payment system such as PayPal (or similar). You can certainly set up a payment gateway and merchant account, but with the new PCI-DSS security requirements, it will cost you a fortune to do it to the standards that your bank will demand. It doesn't become cost effective until you are doing pretty high volume.