Offline Credit Card Payment

[Guest vrakas]

The offline Credit Card Payment has been going on for a while.

I have made this Poll for us to vote and see how many want this or not.

Please feel free to vote and add a comment on the reasons you would or not like it. ;)

[roban]

VOTED...UH! That's not how I voted. This election is rigged.

[Guest woodbtreasures]

From the way that I understand it, there are VERY good reasons for Brooky not wanting to include this in his cart...and I agree with him 100% on this one.

There are simply too many security issues involved with capturing online card information and storing it on a server. The company and the individuals both could potentialy be held responsible for any security breaches. And believe that eventualy there would be a breach.

The beauty of cubecart is that the average person with only the most basic of knowledge can set up and use the cart. But that would also be it's downfall as most of it's user base is NOT going to know how to set up the proper security for this.

Let the word get out to the hackers that cubecart is storing CC info and they'll be trying to hack into every store that they can find!

Just my .02

[Guest]

I understand the security concerns, however:

1. Liability can be limited or eliminianted via incorporation

2. If the system is set up to only work under https (if it is not secure it is disabled) that would help to prevent security issues.

If we are confident that all 20 or so gateways are all secure, why can't we make a simple script to be secure as well?

[Guest vrakas]

VOTED...UH! That's not how I voted. This election is rigged.

Yoy hit the wrong button? lol :lol:

[Guest]

I have a question - isn't that mals-e commerce thing that is included in cube cart for offline credit cards? I mean it's free so is there a reason not to just use that for the credit card sales?

Terri

[Guest]

just a couple reasons:

1. you are depending on a 3rd party to hold you credit card info instead of cubecart (this is good if you trust them, or don't want to depend upon cubecart for security, this is bad if you are paranoid or want an integrated solution)

2. Mal's admin user interface leaves a bit to be desired, for instance, the orders page is on a seperate screen from the credit card associated with the order... to get the credit card number, you have to go to the order screen and write down the number, then go to the card number screen and go to that order to see the credit info

3. The mals gateway leaves a bit to be desired, for instance: If you add stuff to your shopping cart and start processing, but cancel from within the mal's site, cube cart has already cleared your cart so you have to readd all your items :alien:

[Guest]

thanks dingfelder. I can live with these reasons for now!

Terri

[Guest]

@dingfelder

you can batch download all your orders & card info together if you upgrade to premium & £49 per annum aint bad. I've got it looking something like the rest of the site & you get all the "verified by" & "hacker safe" logos & stuff. I am well pleased with the mals workaround for now. If anybody is interested in testing mine out I'll place a link (not live so be ok)

[Guest overdrive]

I understand the security concerns, however:

1.  Liability can be limited or eliminianted via incorporation

2.  If the system is set up to only work under https (if it is not secure it is disabled) that would help to prevent security issues.

If we are confident that all 20 or so gateways are all secure, why can't we make a simple script to be secure as well?

With dingfelder all the way here. Yes, everyone is concerned about liability but as dingfelder says, it can be made to function only when SSL is setup, just like with a fresh CC install, nothing works until CHMOD permissions are set properly and the 'install' folder has been removed.

Surely if SSL is enabled it is as safe as using Mals-e's secure server, but without, from what I've read on this forum, a load of hacking, hassle and headaches. Quite honestly, if the rest of CC wasn't so good to work with, many would be compelled to use another product (maybe they just passed over CC for another).

It seems crazy to have to resort to shoe-horning in an ineligant 3rd party nail-on to achieve this basic function. Like buying a new car and hand painting it with a six inch brush! I love CC and this feature would help make it an even better app I have someone asking for a new site with offline processing as the way to handle payments due to the amounts involved (luxury watches, genuine too!) and this is making me look at other packages

If nothing else there's some good money to be made for the first coder to produce this mod! C'mon, let's have it!

TC

[Guest vrakas]

One of the basic reasons i would like this feature is, the charges are to high for our country and as my clients allready have the card proccesing machine and are allready paying for that and commisions on sales they want to just press the numbers in and charge the client from there.

They are sure the client has money in there and the client can always cancel the payment if they were overcharged etc

There is always a way to do this and keep clients credit card confidential :cry:

[Guest minktoast]

I would love to see this feature. I used to manage a site where we got over the 'server storing credit card' problem by sending a secure encrypted email with half the card number and keeping the other half with the order on the server. That way a hacker would have to break into both parts of the system near simultaneously (unlikely).

I am planning to write a mod to do this for CC3 as I have a client that needs this functionality. Any comments on whether this approach sounds sensible?

Cheers!

(PS: This is my first post - started working with CC3 about a week ago after much time wrangling with osCommerce. I'm totally impressed so far - love the skinning capabilites, speed and easy admin. Looking forward to becoming part of the community.)

[Guest]

Boy do I need this - I have a client that does his processing offline period - My programming partner and I built his last program / so it was not an issue - I have my own server and security is not an issue - I had him buy Idev because it works with CubeCart and I thought cubecart HAD an offline payment -- I've already done a ton of work only to find out that they didn't - - I understand how it might be issues for some - and that some person might take the free download and do this - but maybe for paid people - with the verification and all that - it could be something for paid people because I was goign to recommend he purchase cubecart as well

[Guest overdrive]

Hi Kaelin,

have a look at this thread, the offline mod has been made by GWIZARD which I purchased recently, although I haven't had the time to implement it yet.

Offline Payment Mod

Hope this is what you're looking for! if you PM the modder, let him know I said hi!

TC

[Guest]

Hi Kaelin,

have a look at this thread, the offline mod has been made by GWIZARD which I purchased recently, although I haven't had the time to implement it yet.

Offline Payment Mod

Hope this is what you're looking for! if you PM the modder, let him know I said hi!

TC

I am in the process of buying this mod after talking to the "modder" about it the other day - looks ideal

However it should really be in CC as standard.

[Guest overdrive]

However it should really be in CC as standard.

Hey, quite honestly, don't get started on that subject as it has occupied quite some threads in the past with the main upshot being that legally, there is a grey area concerning what constitutes 'in transit' with credit card details and that handling and holding them leaves you vulnerable to punishment from the card issuer/bank etc.

Have a search on the subject and see ehat I mean... :)

[Guest]

well - I guess I'm going to use Zencart - I don't have time to go through and deal with ferreting out addons with upgrades and as fast as 3 is changing and as much as I like it - I do not have time to reinstall mods and such when every other cart has this as standard - I hope Brooky adds it one day - i really do, because I much prefer CC over all the others, and we bought idev to go with it and planned on paying the upgrade fee - I understand the issues and the security and if I did not own my own server - it wouldn't be something I would consider for my clients - but since I don't host people I don't know - it's not a threat for me like many others.

thanks for all the input...I have to keep things to minimal maintenance - so I guess I'll go fight with integrating the template now for zen ;)

[Guest]

Overdrive,

While I agree that this topic "has occupied quite some threads in the past", I disiagree with your conclusion that anyone is "vulnerable to punishment from the card issuer/bank etc".

In my mind, we pretty thoroughally discussed this and came to the conclusion that there i NO issue with transit, as this system is widely done in most other cart systems (including mals which we also support)

Basically, in the definition transit covers not only the electronic tansfer of a number between sites, it also covers the time it sits encrypted in a DB waiting for an admin to recover it (which is exactly what mals does)

IMHO, the ONLY legal issue is what happens if somehow someboy gets into your DB and somehow swipes the card numbers.

If this is not your impression, I guess we can agree to disagree. ;)

[Guest gwizard]

thanks for all the input...I have to keep things to minimal maintenance - so I guess I'll go fight with integrating the template now for zen

Good luck !

Main reason why I switched to CC from Zen is becouse I looked for SMARTY based template support.

This is also why I wrote the Manual Credit mod, becouse it is much easier to do that then adapt my design to Zen template system (which sucks bug time).

BTW, if you want, I have wrote converter from Zen to CC for importing Zen users and adapting the login in CC to support Zen password authentication.

[Guest overdrive]

IMHO, the ONLY legal issue is what happens if somehow someboy gets into your DB and somehow swipes the card numbers.

If this is not your impression, I guess we can agree to disagree.

Hi Dingfelder, I believe we are in agreeance! What I was referring to was the stance from CC and previous thread posts. IMO Mals-e can be classed as 'in transit' too as they are not the card merchant. I have bought Gwizards offline mod and intend to just daily flush the card details from the system. Some consider the risks of handling it at all too much but I know of businesses who use the 'mighty' Actinic just like this (Actinic has offline built in too but costs £1500 and is a pig to style!)

(Cue barrage of legal-ese posts?) :on2long:

[Guest gwizard]

I will finish shortly the AutoFlash option so you wouldn't have to do it manually.

I'll send ya the update when I'll run some QA on it for a change.

IMHO, the ONLY legal issue is what happens if somehow someboy gets into your DB and somehow swipes the card numbers.

If this is not your impression, I guess we can agree to disagree.

Hi Dingfelder, I believe we are in agreeance! What I was referring to was the stance from CC and previous thread posts. IMO Mals-e can be classed as 'in transit' too as they are not the card merchant. I have bought Gwizards offline mod and intend to just daily flush the card details from the system. Some consider the risks of handling it at all too much but I know of businesses who use the 'mighty' Actinic just like this (Actinic has offline built in too but costs £1500 and is a pig to style!)

(Cue barrage of legal-ese posts?)

[Guest irisservice]

I would say what many have said.. Make the option work under SSL only... And make a clear Credit card info feature like saztar had for ver2 of cc. Just as an extra safety net. I hope its added.. Thanks John

[Guest Brivtech]

I definetly agree, that this is a feature that should be included as standard.

Many of my clients use their own credit card terminals. Now many terminals are asking for numeric postcode information to verify the cardholder's address, as well as card security codes.

If an internet customer knows that their card details are being entered in securely, then there shouldn't be a problem. To be honest, I don't like ordering something and being taken to a gateway site that I've never even heard of. Fine if you're in the business, not so if you're an occasional internet shopper.

Make this a reality - It's a feature that will be widely used, and is promoted in many other shoppign cart systems as standard.

[citabriabob]

I have already voted "pro"; in fact, the only reason my first CC shop isn't online yet is because of the lack of this functionality. Also aware that a mod exists, but since this is a critical part of my requirements, I need to know that I will be able to continue its use in future versions even if the "modder" decides not to maintain it. (No offense meant qwizard - just a business decision.)

My shops are currently Perl-driven order pages, where the info is emailed under SSL; this has worked for many years without a problem, but it's time for a true shopping cart and CC appears to be the best. I have looked at osCommerce, X-Cart, Java-something or other (they no longer sell the software) and none of them offer the bright, "light" - but compehensive package and ease of use of CubeCart. I especially like the fact that the ordered items appear in a box, not just a total.

Phew! I sure get long-winded. I am trying to express the reasons for my vote, but also my appreciation to the developers of this excellent software.

[Guest gwizard]

I need to know that I will be able to continue its use in future versions even if the "modder" decides not to maintain it. (No offense meant gwizard - just a business decision.)

None taken as I completelly understand it.

Btw, as far as I know there will be no manual credit gateway in 3.1.0. At least, that's what Brooky said to me a while ago. Of course I will make the neccessary adjustments if it would be required.

For the record, I voted Yes as well :w00t: