Credit Card Processing

I just read about a new premium WP theme that is an ecommerce theme. I can’t remember how much it cost off the top of my head but I’m pretty sure it was less than $79.

I’ll try to google and find it. It seemed to have some promise.

And your client will prolly have to spring for an SSL certificate if he/she doesn’t want to use PayPal.

Let me try to find that theme.

Update: That theme only uses PayPal for now. Too bad.
https://www.astereostudio.com/revive/showcase/market-for-wordpress-the-theme

But .. I did find this:
https://www.instinct.co.nz/e-commerce/

It uses payment gateways other than PayPal..

this is the problem i am having – i have looked at every e-commerce plugin i can find and they all use payment gateways or paypal..

all i want is to collect CC info over ssl

there must be something that can do this,

I am now taking this client down the oscommerce route.. i dont mind oscommerce but it is clunky and a nightmare to work with.

collecting and storing cc# in a sites database is way insecure and illegal in most cases. you need to use some sort of payment processor.

so every oscommerce site out there not using payment gateways are illegal???

go to the oscommerce forums and read up on the subject. I build oscommerce sites too, I know the software allows it, that doesn’t mean its proper. You’ve seen how many people come here with hacked wordpress sites. Imagine if they had a bunch of cc#s in their database.

identifying the risks is sensible but claiming that it is illegal is not very helpful.

amazon / dabs / play etc not only hold CC details but they do so permanently.

at least with oscommerce or a wordpress plugin with similar capability cc details would only be held for the duration of the transaction.

do your homework.

It’s not illegal to store credit card data, but you have to meet the PCI Standards. It is very expensive to be certified. Like boober suggested, do your homework. Here’s a link with a little info, but feel free to use such tools as Google to find more.

https://www.internetretailer.com/internet/marketing-conference/628898015-retailers-dilemma-store-or-not-store-customer-credit-card-dat.html

my homework says you are lost and confused. I can find quite a few conversations which state (quite correctly) that it is illegal to store CVS (the 3 security digits) but clearly not credit card info. E-commerce would grind to a halt if what you claim is true.

you cant store unencrypted cc numbers. oscommerce doesnt encrypt them, so unless you are using a contrib that encrypts the numbers, youre not PCI compliant. as of 2007 PCI compliance is not a request, or suggestion, it is now a requirement. if someone gets into your database, there are fines of up to $500,000 for EACH number breached. along with losing the ability to process cards at all.

Just a reminder to people future readers of this post looking for information. Please do your homework or consult an expert. Those of us who deal with issues such as e-commerce and laws governing it on a daily basis will be happy to help you. Keep in mind that many people contribute incorrect information to this forum and others.
magicker is incorrect. Just because he or she can find conversations in internet forums stating something doesn’t matter it true. I’m sure you could find tens of thousands of posts claiming that you can store credit card information as you see fit.
Fact is, there are many federal laws governing Payment Card Industry and related standards, and many states have such laws as well.

hallsofmontezuma, boober

just pull back a second there chaps. you seem to have missed my point.

my only objection to what boober said is that he made the claim that storing credit cards is illegal. its not. being non-pci complient and storing credit card info could result in massive fines: no one is arguing about that. storing the 3 pin security numbers is a no no.

being in the UK i have no idea what federal laws require so can’t comment.

hope this clears my thoughts up and sorry if i put anyone out – grateful for the help

Magicker,

Obviously, by default we would be discussing US restrictions.
Having said that, don’t post rumors that you may have read on forums as fact. People that don’t know will read it and think it’s true as you do.

You said

I can find quite a few conversations which state (quite correctly) that it is illegal to store CVS (the 3 security digits) but clearly not credit card info. E-commerce would grind to a halt if what you claim is true.

…which one would take to mean that you saw people on message boards or forums stating that storing credit card information is fine. You also specifically state that the e-commerce industry would grind to a halt if this weren’t so.
Most online vendors use gateways. The information is never stored on their server. The client’s computer makes a secure connection with the payment gateway, and it’s sent directly.
Some people do store credit card information and don’t do it legally. They then possibly post on a forum that this is fine to do. It’s not.
Amazon, etc hold credit card information and are PCI compliant. Amazon does not hold your data permanently, you must authorize them to do so.

Having said that, there are e-commerce/shopping cart systems out there which will capture credit card information and store it in your database. If you use one of these, and the data encrypted, isn’t securely transmitted to your database, which is encrypted and secure to certain standards, and the securely shown to you when you need to view it, you are allowing the possibility for someone to steal that information.
There are so many ways for this data to be vulnerable. Obviously, the data needs to be submitted through an SSL connection. But what about when it’s in the database? Is the information first encrypted? What about the database itself? Is the database secure? Is this on a shared server? What about the sys admins for the server? Linux recently had a vulnerability that allowed users with SSH access the ability to become root (admin) on the server. What about retrieving the information? Is the data securely sent back to your screen?

You may not feel that you should have any issues with storing credit card data, and I can’t speak for the UK, but American Express, Visa U.S.A., MasterCard International, Discover, JCB, and Diners Club, the United States federal government, mosts state governments, and many countries don’t agree with you and certainly require that you comply with the Payment Card Industry standards.
In fact, many gateways, such as Paypal, require you to be PCI compliant if you store the data temporarily before sending it to them.

So, before saying things like, “e-commerce would grind to a halt” and “you’re lost and confused,” please follow my and Boober’s advice and do your homework (not on other forums). PCI standards are readily available to vendors and consumers, and thank Hammurabi that relevant laws are as well.

oh who dont’ have ah problem with this surest as it is true even BK’s shit chew’ that i”l enough fromB”ch they gota” ol good ol’ wit’ dat dat always da talk LS. they even applied to my name so tell me again how they care?4349900? and he who him or (hiom) scrupples is the best! how is the feet in the yard wire it to drive! then excuse it cause da say ah’ she mautst be lieing but ha it must be nice to be whwo! they claim to be which at no time in difference do (I). is’ want be like dat!