Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Process Credit Cards Offline


picasso566

Recommended Posts

I have a client who does not want to process the cards on line and use a gateway. They want to have the customer enter the credit card and then when the order is ready to ship, run the card with their machine at the brick and mortar shop.

 

Is there a built-in way to do this without code mods? Just thought I would ask before searching through the code and making it always approve the card and not even checking it through a gateway.

 

Any input is appreciated.

 

Paul

Link to comment
Share on other sites

just use the stock credit card option. it will load the cc info into the db and print it on every order. not the invoice but the order.. it's a stock option

<span style='font-family:Courier'>If you can't fix it Perl it!!!...</span>

******************************

Link to comment
Share on other sites

OK, I was just being too short sighted. For anyone trying to do this, it is SO simple, you probably did the same thing I did and thought that if you enable the CC module, it would attempt to validate the card. This is how it works:

 

If you just go to the credit card module and make sure "enable credit card module" is set to true thats all you have to do.

 

If a customer enters a card number all the software does (by default) is check whether the card is a valid number or not. Then it records the complete number in the database. If you lookup the orders, the CC # is there. I would want to come up with a solution for encrypting the number once the card has been processed and make sure SSL is loaded on the server.

 

Cheers.

 

Paul

Link to comment
Share on other sites

SSL will not encrypt the cc number in the db. you will have to use the **** contrib. it will remove the first xxxxx numbers in the db.

<span style='font-family:Courier'>If you can't fix it Perl it!!!...</span>

******************************

Link to comment
Share on other sites

I understand that SSL will not encrypt the CC# in the DB. Thats not what I said. What I said was:

 

1. Come up with a method to encrypt the CC# in the DB AND

2. Have SSL loaded so that when you are looking at the order and CC# passed in HTML to the user doing the admin, a packet sniffer doesnt find it because it is in an SSL'd packet.

 

Paul

Link to comment
Share on other sites

I use PGP encryption to encrypt the credit card information and than e-mail it to our clients. This way there is no credit card info stored on the server and only the client can decrypt the e-mail, making the whole process 100% secure.

 

The downside is that it requires some code modification and your web host needs to support PGP encryption.

 

Since we are also a web hosting company, I have written a hack for this specifically designed to work with our hosting service. If anyone is interested in more information please contact me directly.

 

Regards,

Miro

Link to comment
Share on other sites

If you enter an address into the 'split credit email address' filed in the CC payment module, it will then store the CC number in the DB as follows;

 

CC #4111XXXXXXXX1111

 

It will then email you the inner eigth digits at the email address you entered. This way, the complete CC number NEVER gets stored in your DB.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...