dlcmpls
Posted October 11, 2010

My customer is going to manually process online credit card orders in-store using their POS system. Yes, I know, this is clunky, but it's what they want to do. So I have to give them access to the credit card number for the order in the Admin tools.

I'm wondering if it's possible to encrypt the cc number in the orders table, but then decrypt in the admin tools so the store owner can see the card number and process it. So in the database the cc number would be encrypted but in the Admin tools the number would be visible and decrypted.

Or is there another good option? Remember, my customer needs access to the actual cc number in order to process the payment in store.

Thanks for any help.
geoffreywalton
Posted October 11, 2010

First off I would strongly recommend that you do not do this without ensuring that your site is PCI compliant.

Even then think again!!

Oh and by the way don't do it. The risks of processing cc data on your site v the cost of a merchant solution is just a no-brainer.

Cheers

G
MrPhil
Posted October 11, 2010

> My customer is going to manually process online credit card orders in-store using their pos system. Yes, I know, this is clunky, but it's what they want to do.

And when their bank (merchant account) finds out what they're doing, they'll skin them alive. Not only is the process clunky, but I've never seen a merchant account for in-store sales permit online sales at the same fees. They'd better get clearance to do this, or the first web customer complaint to the bank will trigger an unpleasant surprise. Plus, since they're holding customer CC numbers on the system, they need to be fully PCI-DSS compliant (checklist and audit for physical and logical security for CC information). Tell your customer they're being stupid risking their entire business to save a couple of dollars.
dlcmpls (Author)
Posted October 11, 2010

Ok, never mind on this post. I don't want to debate the merits of the approach. I know all the arguments. I don't need those opinions. I was looking for advice on how to solve my problem, not a bunch of advice on PCI compliance.
mdtaylorlrim
Posted October 11, 2010

> Ok, never mind on this post. I don't want to debate the merits of the approach. I know all the arguments. I don't need those opinions. I was looking for advice on how to solve my problem, not a bunch of advice on PCI compliance.

Your problems will just be compounded by doing it. Your customer, when caught doing what he wants to do, will blame it on his paid programmer. We just don't want one of our own to end up in hot water over advice we give.
npn2531
Posted October 12, 2010

Your client may want to use a non-PCI shopping cart that gets hacked all the time (it's not just OSCommerce, btw) but is he going to let his customers know they are putting their cc#'s online on an unsecure system?
Archived
This topic is now archived and is closed to further replies.