Barbie97 Posted July 7, 2010 Posted July 7, 2010 Hi Everybody! I have set up my website to use PayPal Website Payments Pro (US) Direct Payments and PayPal Express Checkout. I noticed a couple things when using the Payments pro when checking out that need some help on: The page isn't secure. I for one, wouldn't put my credit card information on a page that I know isn't secure. How do I make it secure? When I tried to enter a credit card number, it wouldn't aceept it. Saying it didn't accept that type of card. It was a Visa. So iI'm thinking something isn't set up correctly. Any ideas? Thanks for your help!!!
MrPhil Posted July 7, 2010 Posted July 7, 2010 IIRC, Payments Pro keeps a buyer on your website (doesn't take them to PayPal.com, under SSL), and thus has your website handling credit card numbers? If so, your entire site needs to be PCI-DSS compliant (more than just SSL in use -- a whole audit). You may want to reconsider using Payments Pro if this is the case. Do you have the "enable SSL" flags turn on (true) in both your configure.php files? That would be a start, but I would check if your site will need to pass a PCI-DSS audit, since you handle credit card numbers on your site. I trust that you're not using the "cc.php" module -- that's just a sample and is not approved for real life use.
Barbie97 Posted July 14, 2010 Author Posted July 14, 2010 IIRC, Payments Pro keeps a buyer on your website (doesn't take them to PayPal.com, under SSL), and thus has your website handling credit card numbers? If so, your entire site needs to be PCI-DSS compliant (more than just SSL in use -- a whole audit). You may want to reconsider using Payments Pro if this is the case. Do you have the "enable SSL" flags turn on (true) in both your configure.php files? That would be a start, but I would check if your site will need to pass a PCI-DSS audit, since you handle credit card numbers on your site. I trust that you're not using the "cc.php" module -- that's just a sample and is not approved for real life use. Thank you Mr. Phil!! This, I didn't know. I do want to simply use Paypal to do the shopping cart and not handle the credit cards on the site itself. So what you are saying is, I need to remove the payments Pro and just use PayPal Express, right? Since I don't want the cc's going thru my site. Or maybe I should use paypal payments standard???
MrPhil Posted July 14, 2010 Posted July 14, 2010 I would check with PayPal to be sure, but if you're actually handling credit card numbers on your site with any of their plans, my understanding is that you will need to meet certain stringent requirements. Perhaps not a full PCI-DSS, if you're not storing credit card information, but you need to ask them to be sure. Any plan where you hand off the customer to the PayPal site to make the payment (and then they're returned to your site), should be able to do with simply SSL, and not have to meet PCI-DSS (as your site never sees the credit card information). If you're going with PayPal, why wouldn't you use just one of their payment plans, rather than multiple plans?
Barbie97 Posted July 14, 2010 Author Posted July 14, 2010 Thanks Mr. Phil, I'm actually just wanting to use ONE of PayPal's plans. One that will allow customers to use paypal OR their credit card to pay (but go thru paypal's site). I TOTALLY DO NOT want to have people give my client the credit card numbers thru their website. Mostly, I can't figure out how to integrate paypal standard on osCommerce. I've tried looking for information and just can't find it. I basically don't know what I'm doing and freakin' out man! LOL! Have you (or anyone) set up the PayPal Standard on their osC website? If so... how do you integrate it? I'm lossssst! :'(
Barbie97 Posted July 14, 2010 Author Posted July 14, 2010 Maybe I'm getting confused on the word integrating? When it says to integrate PayPal to my website.... But if I don't, how does my site know to go thru PayPal?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.