[thelist] Specific Ecommerce Requirements
Christy Collins
ccollins at loudjoy.com
Wed Jun 28 07:37:54 CDT 2006
On Jun 28, 2006, at 6:57 AM, John Handelaar wrote:
> Hershel Robinson wrote:
>> But that's the answer--put in the MySQL DB. Many ecommerce
>> packages do
>> this by anyway--even if they do place the charge automatically at
>> checkout time.
>
> And they shouldn't. You don't keep people's CC
> numbers any longer than is absolutely necessary
> (unless you want to comply with the processors'
> data security reqs [tip: you don't] and/or get
> ejected by your card company).
>
> At the very least make damned sure you both
> deliver the checkout form, *and* receive it, over
> SSL.
>
> There's code in some of the Drupal payment modules
> (you'll want to copy one and edit it for your
> own rather weird requirement) to switch protocols
> at the right moment. My own Linkpoint_API one
> does it but isn't converted to 4.7 yet;
> Authorize_net does it too and may be worth a look.
I think the way Zen Cart's credit card module works is it stores part
of the number in the database and emails part of it to you - this is
the module that comes with the standard installation and you would
use for manual credit card processing.
-C
More information about the thelist
mailing list