I'm half way through creating a goolgle checkout module.
Now there a few different ways of doing this.
Level 1 Is just a HTML forum that gets submitted with product, shipping information.
Leve 2 Has API intergation and forces you to have a SSL certifcate before you can recive requests for shipping methods and costs.
I think a lot people will not be able to use Google checkout level 2 because they do not have a SSL certifcate.
Does any one think its better to do just level 1? and try to include shipping calculate on the cart page?
Now there a few different ways of doing this.
Level 1 Is just a HTML forum that gets submitted with product, shipping information.
Leve 2 Has API intergation and forces you to have a SSL certifcate before you can recive requests for shipping methods and costs.
I think a lot people will not be able to use Google checkout level 2 because they do not have a SSL certifcate.
Does any one think its better to do just level 1? and try to include shipping calculate on the cart page?
OpenCart®
Project Owner & Developer.
I have several SSL certificates. Each for a different site.
Level 2 please.
I want as much security as is available.
I was also about to implement Google Checkout.
A module would be outstanding.
I'm not positive, but I think if you sell products online you need to be PCI compliant.
"The PCI compliance specification describes a set of requirements which participating businesses must observe to ensure that correct measures are taken to secure all data, both internal and externally exposed."
Level 2 please.
I want as much security as is available.
I was also about to implement Google Checkout.
A module would be outstanding.
I'm not positive, but I think if you sell products online you need to be PCI compliant.
"The PCI compliance specification describes a set of requirements which participating businesses must observe to ensure that correct measures are taken to secure all data, both internal and externally exposed."
Hi Daniel
I thing it will be best to have google checkout level 1, but then people like FxMan they will be mad
So will be possible to do one google checkout with level 1 and second google checkout with level 2? Or will be possible to make one module for google checkout and in configuration you can choose if you like to use level 1 or 2.
I know it will be more a lot more work for you, but it will be the best solution for everybody.
Thank for your work
I thing it will be best to have google checkout level 1, but then people like FxMan they will be mad
So will be possible to do one google checkout with level 1 and second google checkout with level 2? Or will be possible to make one module for google checkout and in configuration you can choose if you like to use level 1 or 2.
I know it will be more a lot more work for you, but it will be the best solution for everybody.
Thank for your work
Rich
Bird is the word
Presumably shops with an SSL certificate can still use level 1, so they remain secure it just means google checkout transactions are processed and secured via google checkout.
If thats the case then all shops with or without an SSL certificate can use level 1 but only a small percentage of shops that have the correct type of SSL certificate can use level 2.
Google checkout level 1 and the paypal equivalent are both PCI compliant. And as they handle the transactions on their secure servers on your behalf the online shop doesnt need to worry about most of the regulation.
If thats the case then all shops with or without an SSL certificate can use level 1 but only a small percentage of shops that have the correct type of SSL certificate can use level 2.
Google checkout level 1 and the paypal equivalent are both PCI compliant. And as they handle the transactions on their secure servers on your behalf the online shop doesnt need to worry about most of the regulation.
I have a level-2 Google Checkout in the making, with SSL-support (shared SSL certificate on your webhost is fine for callbacks from Google), and detailed product submissions to Google Checkout, being implemented as a guest checkout scenario. I was to have released it last month but real life work caught up with me, hope to have it finished and fully tested soon. It will have the same features as the one for Opencart 0.7.9.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
I am using the API classes and functions provided by Google which in turn use CURL and XML for sending stuff to Google, with an implementation of the Checkout API, the Notification API and the Merchant Calculations API according to the http://code.google.com/apis/checkout/developer/ guidelines.
The old 0.7.9 version is available here: http://www.mhccorp.com/downloads-opencart.shtml
Hope to have the new 1.3.x version released soon under a GPL licence, too.
The old 0.7.9 version is available here: http://www.mhccorp.com/downloads-opencart.shtml
Hope to have the new 1.3.x version released soon under a GPL licence, too.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
It appears that PCI Compliance will be a law in the US.
Here is a recent quote from an article:
"Is PCI Compliance a Law? Should it be?
Is PCI compliance a law? The short answer is no. The long answer is that while it is not currently a federal law, there are state laws that are already in effect (and some that may go into effect) to force components of the PCI Data Security Standard (PCI DSS) into law. In addition, there is a big push by legislatures and industry trade association to enact a federal law around data security and breach notification." The article is here: http://www.pcicomplianceguide.org/secur ... ce-law.php
Notice there are some states that already have this law.
So the question is:
How secure is Level 1?
Are you willing to risk your customers data?
(ok, that's 2 questions)
I have a little experience in the Merchant Services industry.
Those are the people who provide payment/credit card services for merchants.
The Merchant Services provider we use requires PCI compliance.
So it is just a matter of time before PCI compliance is a requirement for online sales.
It is about data security.
Why not implement it from the start for Google Checkout by using Level 2?
Then we won't need to implement a new module when PCI compliance becomes law.
PCI compliance covers your ass...ets.
Not mad.
Here is a recent quote from an article:
"Is PCI Compliance a Law? Should it be?
Is PCI compliance a law? The short answer is no. The long answer is that while it is not currently a federal law, there are state laws that are already in effect (and some that may go into effect) to force components of the PCI Data Security Standard (PCI DSS) into law. In addition, there is a big push by legislatures and industry trade association to enact a federal law around data security and breach notification." The article is here: http://www.pcicomplianceguide.org/secur ... ce-law.php
Notice there are some states that already have this law.
So the question is:
How secure is Level 1?
Are you willing to risk your customers data?
(ok, that's 2 questions)
I have a little experience in the Merchant Services industry.
Those are the people who provide payment/credit card services for merchants.
The Merchant Services provider we use requires PCI compliance.
So it is just a matter of time before PCI compliance is a requirement for online sales.
It is about data security.
Why not implement it from the start for Google Checkout by using Level 2?
Then we won't need to implement a new module when PCI compliance becomes law.
PCI compliance covers your ass...ets.
Not mad.
FxMan wrote:It appears that PCI Compliance will be a law in the US.
Here is a recent quote from an article:
"Is PCI Compliance a Law? Should it be?
Is PCI compliance a law? The short answer is no. The long answer is that while it is not currently a federal law, there are state laws that are already in effect (and some that may go into effect) to force components of the PCI Data Security Standard (PCI DSS) into law. In addition, there is a big push by legislatures and industry trade association to enact a federal law around data security and breach notification." The article is here: http://www.pcicomplianceguide.org/secur ... ce-law.php
Notice there are some states that already have this law.
So the question is:
How secure is Level 1?
Are you willing to risk your customers data?
(ok, that's 2 questions)
I have a little experience in the Merchant Services industry.
Those are the people who provide payment/credit card services for merchants.
The Merchant Services provider we use requires PCI compliance.
So it is just a matter of time before PCI compliance is a requirement for online sales.
It is about data security.
Why not implement it from the start for Google Checkout by using Level 2?
Then we won't need to implement a new module when PCI compliance becomes law.
PCI compliance covers your ass...ets.
Not mad.
this just shows me you have no idea about google checkout. all the data is stored on googles servers and nothing on the web site.
actually google checjkout is one of the worst checkouts I have ever done.
OpenCart®
Project Owner & Developer.
Its one of the most secure methods of payment on the internet and technically more secure than level 2.FxMan wrote:How secure is Level 1?
As Daniel said by using level 1 you dont store any customer payment details or process any transactions yourself, its all done via google checkout on its servers, there is no data to risk.FxMan wrote:Are you willing to risk your customers data?
Level 1 is PCI compliant, and using level 1 makes it alot easier for a shop to be PCI compliant compared to level 2.FxMan wrote:So it is just a matter of time before PCI compliance is a requirement for online sales.
Your trying to make level 1 seem unsafe and non PCI compliant without actually understanding it.FxMan wrote:It is about data security.
Why not implement it from the start for Google Checkout by using Level 2?
Then we won't need to implement a new module when PCI compliance becomes law.
Even with level 2 you have sufficient security. No credit card details are entered on the Opencart site. The customer is transfered to the Google Checkout page using the secure HTTPS protocol, and it is only there where he logs securely into his Google account to make the online payment. Google Checkout does send back messages to the Opencart server, hence the callback function on the Opencart end should support SSL, too. However, no critical payment details are send back to Opencart. Google only sends messages to Opencart about the progress of the payment process, or in order to get shipping quotes.
See for example our 0.7.9 Opencart demo on this, our upcoming 1.3.2 version will work the same way.
See for example our 0.7.9 Opencart demo on this, our upcoming 1.3.2 version will work the same way.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
You're right. I don't understand it.
So if Level 1 is PCI compliant, then do I need to be concerned about the compliance of my cart?
Would that also mean the I don't need an SSL Certificate?
The reason I want to use Paypal or Google Checkout is to avoid the $99-$125 setup fee for Authorize.net and the $20 monthly fee just to use their gateway.
Paypal and Google are a gateway/merchant account all in one.
No monthly fees or "statement" fees like a normal merchant account.
The transaction fee of 2.9% + .30 per transaction is about the same as a standard merchant account.
A standard merchant account normally has a .20 or .25 per transaction fee plus a monthly statement fee of about $10.
So that's about $30US per month for a merchant account vs. $0 for PayPal or Google.
If you know of any merchant accounts that have a similar fee structure to Paypal or Google, please share them.
The bottom line is if I can make it easy for the customer to use their credit card to checkout, be PCI compliant, and save money by using a Paypal or Google Checkout OpenCart module, then I'm happy.
So if Level 1 is PCI compliant, then do I need to be concerned about the compliance of my cart?
Would that also mean the I don't need an SSL Certificate?
The reason I want to use Paypal or Google Checkout is to avoid the $99-$125 setup fee for Authorize.net and the $20 monthly fee just to use their gateway.
Paypal and Google are a gateway/merchant account all in one.
No monthly fees or "statement" fees like a normal merchant account.
The transaction fee of 2.9% + .30 per transaction is about the same as a standard merchant account.
A standard merchant account normally has a .20 or .25 per transaction fee plus a monthly statement fee of about $10.
So that's about $30US per month for a merchant account vs. $0 for PayPal or Google.
If you know of any merchant accounts that have a similar fee structure to Paypal or Google, please share them.
The bottom line is if I can make it easy for the customer to use their credit card to checkout, be PCI compliant, and save money by using a Paypal or Google Checkout OpenCart module, then I'm happy.
Who is online
Users browsing this forum: No registered users and 111 guests