Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

v2.3 or ver.3 - Credit Card module


syscon

Recommended Posts

Do ver. 2.3 or ver. 3 of OSC have "Credit Card" module?

 

If I remember I was trying to upgrade to ver. 2.3 last year but it did not have working "Credit Card" module so we can accept credit card without going via third party

#Joseph

Link to comment
Share on other sites

That wasn't the best route osCommerce went.

Why not comply with PCI requirement? Encrypt the credit card information etc.

 

There is no reason to upgrade to newer version if we have to pay and go through third party to charge credit card transaction.

 

There are two problems with osCommerce:

1.) Upgrade is manual, a lot of manual work, no automated upgrades.

2.) osCommerce does not even have credit card module.

 

So what is the reason to upgrade?

If I have to do all the manual work to upgrade I might as well switch to something else that have credit card modules.

 

I'm disappointed with the direction osCommece went.

#Joseph

Link to comment
Share on other sites

 

There is no reason to upgrade to newer version if we have to pay and go through third party to charge credit card transaction.

 

I think you missed the point if you believe that the only thing happening with the upgrade is to loose the credit card module. This module was never meant to be used in real stores for real transactions, it was "for testing purposes only", using in the way you do now may be illegal, and for sure a huge risk, there are some topics about this

 

There are two problems with osCommerce:

1.) Upgrade is manual, a lot of manual work, no automated upgrades.

2.) osCommerce does not even have credit card module.

 

[...]

 

If I have to do all the manual work to upgrade I might as well switch to something else that have credit card modules.

 

I'm disappointed with the direction osCommece went.

 

You may want to take a look at this

Link to comment
Share on other sites

I think you missed the point if you believe that the only thing happening with the upgrade is to loose the credit card module. This module was never meant to be used in real stores for real transactions, it was "for testing purposes only", using in the way you do now may be illegal, and for sure a huge risk, there are some topics about this

 

You may want to take a look at this

 

Well, I'm not afraid of command line and doing some manual work, I have been running Linux Gentoo for 10-years :-)

I would like to support osCommerce as well but if I can not use it because it doesn't have featuere I MUST HAVE like (credit card module) it is of no use to me.

 

To process credit card transaction by merchant is LEGAL in Albert Canada. Besides we DELETE credit card information as soon as customer enter the order, so customer credit can information is not stored in any database (for extra security).

 

Why not make external module (an add-on) for those of use who want it and/or need it, we will use it at our risk; this would solve partially the problem.

I'm not going to pay external vendor to process my customer credit cards transactions, credit card companies already charge us enough fees in Canada for processing and I do not need another middle party in between.

 

Do external vendors have better security running their Microsoft Windows credit card processing software than us using Linux?

#Joseph

Link to comment
Share on other sites

It's a bit more complicated than that. Older versions had a 'cc' module for development/testing purposes only. It was not supposed to be used for production stores, but lots of store owners were using it anyway. It did things which do not conform to PCI-DSS, so osCommerce does not want the legal exposure of providing an illegal module. Conceivably, if you had a security breach and were heavily fined, you could turn around and try to hold the osC developers legally liable (even though you had agreed to use it at your own risk). So, the module was removed.

 

I'm not sure what kind of setup you're using, but it sounds like you might be transferring customer CC input to an in-store terminal. I hope you're aware that is in violation of any merchant account I've ever heard of, and when your bank hears what you're doing, you'll wish you'd never been born. To directly handle credit cards, you'll have to have a payment gateway and the third-party software (and fees) that goes along with that. Ask your bank (merchant account) what they would suggest for accepting credit cards on the Web. You could even ask them if they'll let you use an in-store system, but if they even let you, they'll probably want a hefty increase in fees (to cover the higher risk to them).

 

If your volumes are low enough not to make a merchant account/payment gateway feasible, it might be cheaper to go with an all-third party payment system, such as one of the PayPal plans (or something similar).

Link to comment
Share on other sites

The last time (recently) I contact our bank there is nothing illegal about the way we process the credit card. We use IVR system and it is legal, our bank is charging our credit card processing fee already so there is no need for extra gateway fees from third parties.

 

Our fees in Canada already covers any associated risk of credit card processing.

 

So it seems to me this will the the end of the road for osCommerce for us :-(

#Joseph

Link to comment
Share on other sites

 

So it seems to me this will the the end of the road for osCommerce for us :-(

 

If you can find another store system that will allow this, use it. With current worldwide legislation and pci dss compliance you should be thinking of your customers safety, not the ease of use for you. If a card supplier ie mastercard or visa, found out what you are doing they wil come down like a ton of bricks. If you are currently using a card machine with your bank, speak to them to see if they can upgrade your terms to allow you to do this. At the end of the day is a socking great fine worth the risk, just to save you a few dollars a month.

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

If you can find another store system that will allow this, use it. With current worldwide legislation and pci dss compliance you should be thinking of your customers safety, not the ease of use for you. If a card supplier ie mastercard or visa, found out what you are doing they wil come down like a ton of bricks. If you are currently using a card machine with your bank, speak to them to see if they can upgrade your terms to allow you to do this. At the end of the day is a socking great fine worth the risk, just to save you a few dollars a month.

We are hosting our own store, external hosting companies are not reliable. They keep changing settings / upgrading their systems and the osCommerce always breaks down. We have tried external hosting and found it was very unreliable.

 

It seems to me your scaring talk about "...If a card supplier ie mastercard or visa, found out..." it is paranoia and/or incompetence to justify exclusion of serure credit card processing in osCommerce.

 

As I've mentioned, I've already talked to our bank and they don't find anything illegal in the way we process credit card transactions in Canada. If our bank approves the way we process the credit cards what makes you think that Visa or MasterCard office would disapprove it?

#Joseph

Link to comment
Share on other sites

To process credit card transaction by merchant is LEGAL in Albert Canada

 

You should check your facts again ! I just attended (2 weeks ago) an ecommerce conference in Toronto where we (attendees) were informed that manual credit card processing in ALL PROVINCES REQUIRES PCI DSS compliance and certification. So, it IS ILLEGAL to accept and process credit cards on your site. You are required to have PCI DSS certification or use a third party processor.

 

 

 

Chris

Link to comment
Share on other sites

You should check your facts again ! I just attended (2 weeks ago) an ecommerce conference in Toronto where we (attendees) were informed that manual credit card processing in ALL PROVINCES REQUIRES PCI DSS compliance and certification. So, it IS ILLEGAL to accept and process credit cards on your site. You are required to have PCI DSS certification or use a third party processor.

 

Chris

 

In this case our credit card processor is our bank as we are using their IVR system, so I'm guessing we are all compliant.

#Joseph

Link to comment
Share on other sites

For you to be able to actually save the cc info (even just for a short time and then deleting it) you will have to go through a rigorous set of checks to be PCI DSS compliant. (Among other including your website, the server its hosted on, the room the server is located in, anyone who can access the server/server room ++)

 

Save yourself the hassle and get a real-time payment gateway to process CC payments, since cc info is being transmitted through your website you will still have to be PCI DSS compliant but its much easier to achieve that way.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...