
Need help for a little changes on credit card information error message



I installed an addon called Encrypted Credit Card with CVV2 on my new online store. Here is the link: http://addons.oscommerce.com/info/8579.


During testing with this payment, the error message for wrong credit card information hardly gets the user's attention. I tried many ways to modify it, but I could not make it look like the $messageStack style.


I attached a few pictures to help whoever is reading the post understand better:



4th pic is to show you how the error message looks without any changes.


1st pic is for the error message in the language file.


2nd pic is for how the error message is called.


3rd pic is to show you that I tried to use HTML code to modify the language file, but failed.






I am looking for help. Thanks a lot.






Good question by @@burt. What are you doing storing credit card information, particularly the CVV2 code? Does this meet with the written approval of your bank (merchant account)? Are you in compliance with all PCI-DSS security requirements? If you aren't, and you get hacked, there will be hell to pay. I hope you're not trying to use the old "cc" module or even enter CC information on an in-store terminal -- most merchant accounts won't allow that.






It's my opinion that the contribution should be removed from this website as it is illegal to use in MOST of North America and many other countries. I have flagged the contribution so maybe the forum moderators can make a call on whether or not THEY (moderators) may be held liable for allowing it on this website.






Hi guys


Have you looked at the way the actual contribution works? It does not actually encrypt the data and store it - what it does is strip out part of the CC Number and substitute XXXX - it then saves that in the db and sends the missing four digits on by email.

Likewise the CVV - that gets stored in the db as XXX and the real number emailed.


Pre-authorisation a merchant can store a CVV but should dispose of it after authorisation.


So he's in a grey area there depending on how you define 'store' vis-à-vis emails, but I don't think there are any other PCI breaches?


As to whether he's in breach of a Merchant Account T&C, that's another issue - he may or he may not; who are we to know?




@@Bob Terveuren




I can tell you 100% that the contribution will NOT pass PCI DSS certification as it is currently written. It is not with the storage of the information in the database, but how the unencrypted portions are sent. Email is NOT secure unless encrypted; this is the PCI DSS failure.






This topic is now archived and is closed to further replies.
