I've seen several different threads on this subject, but haven't seen a final solution. Has anyone created a module to accept credit cards offline yet, or is anyone willing to do it for a fee? I have a client I am trying to get onto OpenCart, but I need offline CC payment to make it fly.
Thanks in advance for any help.
Aaron
Thanks in advance for any help.
Aaron
I'm also having trouble locating said solution. If someone could possibly post a short description or link to a thread, we'd much appreciate it.
Edit: closest I've seen was this one http://forum.opencart.com/index.php/topic,936.0.html, which still has problems.
Edit: closest I've seen was this one http://forum.opencart.com/index.php/topic,936.0.html, which still has problems.
Last edited by sakathecheetah on Thu Jul 03, 2008 2:30 am, edited 1 time in total.
Jonathon,
Are you referring to a commercial contribution that you have available? I cannot see anything anywhere else.
=====================
sakathecheetah,
The link you gave is to a solution that seems not to secure the client credit card info. You should be saving payment information to a dedicated table with encrypted field values. Particularly because the database is on a hosted server out of your physical control.
From a workflow point of view, would you mind to tell me... how are you going to use the creditcard information to collect the money? Do you enter it into a payment gateway account of your own?
Are you referring to a commercial contribution that you have available? I cannot see anything anywhere else.
=====================
sakathecheetah,
The link you gave is to a solution that seems not to secure the client credit card info. You should be saving payment information to a dedicated table with encrypted field values. Particularly because the database is on a hosted server out of your physical control.
From a workflow point of view, would you mind to tell me... how are you going to use the creditcard information to collect the money? Do you enter it into a payment gateway account of your own?
yes i am refering to my commercial add on
as for work flow.. it checks for a valid number for type of card and so on
then puts info into a doc file - compresses and sends via email
or can be tossed into the db
from there the store owner can pull that -- and process thru any gateway they want..
for example in Canada store owners here can use there store terminals and enter the numbers manualy
with out the card.
Jonathon
as for work flow.. it checks for a valid number for type of card and so on
then puts info into a doc file - compresses and sends via email
or can be tossed into the db
from there the store owner can pull that -- and process thru any gateway they want..
for example in Canada store owners here can use there store terminals and enter the numbers manualy
with out the card.
Jonathon
Well, that's the point of offiline processing. Basically, when the user posts their order the owner gets sent an email that it's been posted and somehow accesses the CC data and order information. They then key it manually into whatever offline gateway they have. If the CC bounces or is otherwise declined, you contact the customer to resolve. It's sloppy, but is cost-effective for many smaller vendors.From a workflow point of view, would you mind to tell me... how are you going to use the creditcard information to collect the money? Do you enter it into a payment gateway account of your own?
I understand that the thread I linked to does not secure CC data. One way this is sometimes done is to send half of the credit card number along with the order notification to the owner (preferably using pgp or other email encryption). The other half is stored encrypted on the server which they access when they log in to the store. After that, the CC data should be deleted permanently from both locations. I think this is fine under PCI guidelines, or at least close.
Luvz2drv where can I find details of your commercial addon for offline payments?Luvz2drv wrote: yes i am refering to my commercial add on
as for work flow.. it checks for a valid number for type of card and so on
then puts info into a doc file - compresses and sends via email
or can be tossed into the db
from there the store owner can pull that -- and process thru any gateway they want..
for example in Canada store owners here can use there store terminals and enter the numbers manualy
with out the card.
Jonathon
I have a site where we have the details emailed to an email address on a server with a secured cert.sakathecheetah wrote: I understand that the thread I linked to does not secure CC data. One way this is sometimes done is to send half of the credit card number along with the order notification to the owner (preferably using pgp or other email encryption). The other half is stored encrypted on the server which they access when they log in to the store. After that, the CC data should be deleted permanently from both locations. I think this is fine under PCI guidelines, or at least close.
Then the client logs in via secured webmail to retrieve the info instead of sending to a regular email address. Still they will usually forget to delete all the old messages and leave old messages with cc numbers on the server so the pci guys don't like that.
The best way is to use something like pgp so that the data is always encrypted. Then I have problems getting the clients to figure out how to use pgp even though it is not that difficult.
I have had pci audits and they tell you what you need to be compliant (many, many pages) and I can never understand what they are talking about.
Are you still compliant if you store the payment info encrypted?
If you are, then...
Decryption is done by the external application using the private key which only you control because it is not even stored on the hosted server.
If you are, then...
- The payment extension collects the cc info and stores it in an encrypted field in a new payment table.
- You then have a separate, heavily secured application outside of the cart to view the payment info so that even the admin users of the cart do not have access to it.
- The cart code could be changed to delete the payment info when you have completed the payment and the money is confirmed in your bank account. ie, When the status goes to Shipped (say).
Decryption is done by the external application using the private key which only you control because it is not even stored on the hosted server.
Encryption is not enough in itself to ensure PCI compliance.
There are plenty of other criteria to fill which among others precludes the use of shared hosting.
And no mather how you do it or whatever encrytion you propose to use the CVV/CVV2 can not be collected and stored.
There are plenty of other criteria to fill which among others precludes the use of shared hosting.
And no mather how you do it or whatever encrytion you propose to use the CVV/CVV2 can not be collected and stored.
For Australians, an alternative to collecting cc data yourself is to use e-path.com.au
e-Path is a manual credit card payment gateway. It is not "real time" credit card processing. It enables you to collect credit card info for processing offline.
It is PCI compliant and best of all for me is that I can sleep at nights knowing no one is going to hack into my database and steal credit card details because my database has no credit card details.
You can find out more about e-path at www.e-path.com.au
e-Path is a manual credit card payment gateway. It is not "real time" credit card processing. It enables you to collect credit card info for processing offline.
It is PCI compliant and best of all for me is that I can sleep at nights knowing no one is going to hack into my database and steal credit card details because my database has no credit card details.
You can find out more about e-path at www.e-path.com.au
I just found out about opencart today and installed it to my web server. I really appreciated the fact that it's an opensource with a lot of hardwork put into this. What I don't really understand is that WHY this cart doesn't accept offline credit card?? With all the wonderful things this cart can do but left out one of the most important elements in doing e-commerce?
This somehow lets few people here taking advantage of making money from it. If you put the keyword "offline payment" you'll see a lot of requests and answers something like "it's been done" --> (commercially) and pm been sent. Yeah right!
If they are really looking to make money from it, why don't they just write the whole thing themself? This is suppose to be a community where people are contribute their knowledge, share ideas, to make things better, or even make the world a better place to live.
I think most people (including me) will better off go with different solution like prestashop, magento, oscommerce which come completed and totally FREE.
This somehow lets few people here taking advantage of making money from it. If you put the keyword "offline payment" you'll see a lot of requests and answers something like "it's been done" --> (commercially) and pm been sent. Yeah right!
If they are really looking to make money from it, why don't they just write the whole thing themself? This is suppose to be a community where people are contribute their knowledge, share ideas, to make things better, or even make the world a better place to live.
I think most people (including me) will better off go with different solution like prestashop, magento, oscommerce which come completed and totally FREE.
I totally agree.
I only used OpenCart for one of my clients website who only uses Paypal as a payment source, and because of the clean admin interface with its ease of use capabilities. But for all of my other websites I use Magento for the full features it has including the many various types of payment options.
The way Opencart is today it is only good for the most basic of ecommerce website, this is mostly because of its basic lack of payment options that are not available and free .
Hopefully in the future this will change. Opencart does have the basics down, they just have to add some more basic improvements for better acceptance.
I only used OpenCart for one of my clients website who only uses Paypal as a payment source, and because of the clean admin interface with its ease of use capabilities. But for all of my other websites I use Magento for the full features it has including the many various types of payment options.
The way Opencart is today it is only good for the most basic of ecommerce website, this is mostly because of its basic lack of payment options that are not available and free .
Hopefully in the future this will change. Opencart does have the basics down, they just have to add some more basic improvements for better acceptance.
Who is online
Users browsing this forum: No registered users and 4 guests