ejd32 Posted February 19, 2004 Posted February 19, 2004 Hi there, I am a bit of an oscommerce newbie... I have looked around the forums and other sites but I think these questions are so basic that nobody has asked them yet! I have setup osc on my host. Now I am setting up my merchant account for processing "card not present" transactions and my bank has asked me the following questions and I need to answer them but I dont know much about oscommerce. 1. Describe practices used for restricting internal access to card data 2. Are transactions of cardholder details to your website encrypted? If yes, what type of encryption is used? I have read the contrib on GPG and think I'll use that for encrypting credit card emails but dont know how sensitive internal stuff (like credit card details) are stored in mysql. Are they encrypted? I've looked through some of the tables but cant find credit card details anywhere! Can someone help? Are they encrypted? Thanks folks. Great product and great community. :D
♥ecartz Posted February 19, 2004 Posted February 19, 2004 If you use the GnuPG contribution, then you don't store the credit card numbers in the database. If you store them in the database, you can encrypt them but that is not part of the core code (there is a contribution). Credit card info is stored in the orders table. You should also use SSL and directory protection for your admin directory. If 128 bit SSL is available for your site, that is how you should encrypt communications with the customer. Note: this relates more to your server setup than to anything involving the osCommerce code. Hth, Matt Always back up before making changes.
Chris Dunning Posted February 19, 2004 Posted February 19, 2004 Or, if you plan to use a payment gateway such as authorize.net, you may not need to store the credit card information at all. I use authorize.net in my shop. To the best of my knowledge, the customer's credit card information is sent to authorize.net immediately after the customer enters it in my website - there is no need to store those numbers in the database. Chris Dunning osCommerce, Contributions Moderator Team Please do not send me PM! I do not read or answer these often. Use the email button instead! I do NOT support contributions other than my own. Emails asking for support on other people's contributions will be ignored. Ask in the forum or contact the contribution author directly.
jana Posted February 19, 2004 Posted February 19, 2004 I am also a newby. I am interested in using Authorize.net as my gateway. I'm unclear though, whether after installing and setting up osCommerce, I need to get my own Internet Merchant Account or not? Does Authorize.net cover that? Do I need to set up an Authorize.net account through one of their resellers?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.