gazzzzzza Posted May 25, 2004 Posted May 25, 2004 I am getting close to launching our oscommerce based site but my client would like a brief explanation of how the built in credit card payment method works. For me to give him this, I need to understand how it works ! Could someone please advise me on this? I need to know: *where the cc number etc gets put in the database, *whether it is always encrypted (we are using SSL) (ie is it encrypted in the database?) *how the client is supposed to make use of the cc number - do they get it by email or through the orders admin? *any other useful info :) Any help with this will be gratefully received :D always here to offer some useless advice....
gazzzzzza Posted May 28, 2004 Author Posted May 28, 2004 someone must know how this thing works!!! im sure you all use it!! please could someone explain :( always here to offer some useless advice....
vasttech Posted May 28, 2004 Posted May 28, 2004 1. The credit card number gets put in the database as the first 4 digits and last 4 digits. The middle 8 are e-mailed to you. 2. The credit card number is not encrypted in the database since the whole number is not there. 3. If you do not have a payment gateway configured the client will have to look at each order in admin and then find the appropriate e-mail put the cc # together and run the card themselves. I would highly recommend a payment gateway since it will handle this for them. Basically that is all there is to it. osCommerce Knowledge Base osCommerce Documentation Contributions
gazzzzzza Posted May 28, 2004 Author Posted May 28, 2004 thanks very much very nicely explained :D i shall pass this on to the client and see what they want to do always here to offer some useless advice....
stevel Posted May 28, 2004 Posted May 28, 2004 A clarification. The default is to store the entire number in the database. There is an option in the configuration of the "Credit Card" module to enable the "split credit card e-mail". If you fill this in with an e-mail address, then it will do the split as vasttech explained. There are contributions to encrypt the number. One of them relies on a password stored in the .php files, so if someone gets access to your php files, they can read the numbers. Another one uses gpg, an external tool, to send an encrypted e-mail. That is much safer, but harder to implement. A payment gateway is secure - the number is not stored in your database (I don't think...) Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.