close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

payment gateway

Thread began 5/21/2009 5:11 pm by gzirfas374932 | Last modified 5/22/2009 11:07 am by Ray Borduin | 1752 views | 3 replies |

gzirfas374932

payment gateway

I have finally gotten my cart with shipping, tax and everything working. I'm ready to implement the checkout process. But after discussing how my client handles their transactions I'm not sure which direction to go. As she explains it, in her cgi system before I took over, she had an ssl certificate. The orders were e-mailed to her, she had a key and decoded the CC number, ran the transactions thru her credit card terminal at the store (which she is already paying for) and then sent the items. The checkout wizard requires a payment gateway. She prefers to do it as she has in the past. Can you offer help on how to accomplish this???

Sign in to reply to this post

Ray BorduinWebAssist

Webassist eCart can help with everything except the encryption. Look at php mcrypt library to help with encryption: mcrypt

Other than that just run the checkout wizard as normal... select any local checkout payment gateway, and use authorize.net without express checkout... since "none" is not an option... just put in fake values and remove the local checkout server behavior on the confirm page when you are done.

Then you would just want to encorporate encryption and storing the Credit card information, which isn't done by default but could be added by updating the store cart summary in database server behavior on the confirm page.

The admin section would of course need reverse encryption. You could have them enter a key or even store the key in an admin controlled php file and automatically decrypt.

Sign in to reply to this post
Did this help? Tips are appreciated...

tom250037Beta Tester

Storing credit card numbers online is tricky. If you encrypt them with all with the same key, then they key needs to be stored online, which means that if your server were compromised, a hacker would have access to a database of numbers, and the key to decrypt them.
A system of public and private keys is probably the best, but you could also generate a random key for each sale, and then include that key in the merchants email.
Look into the mysql AES_ENCRYPT function.

Do just like Ray suggested, create your cart using something like authorize.net for the gateway, then on the confirm page,locate the code for that gateway, and replace it with your own function. something like this pseudocode

create random key (maybe a 12 character long random string)
update tablename set cardNumber=AES_ENCRYPT(cardnum,randomkey) where id=cartID
(actually, its a good idea to encrypt all card data, like cvc code, and expiration date as well.)


Then in the email block, include that randomkey in the email, and in the admin, when they access the account, you can have them enter that key to decrypt the card number.

And as always, its a good idea to have a function that lets them delete the card data after they download it.

As another added layer of security, you could store only the card number in a table by itself (just the card number, and the autoincrement id for that table), and then include in the merchant email the id that ties the entry in the credit card table to the customer in the orders table.

The down side to this system, is that if the email doesnt make it to the merchant, then it is not possible to decrypt the card data.

Hope that helps.

Tom

Sign in to reply to this post

Ray BorduinWebAssist

Good suggestions... particulary to delete the card number as soon as it is used so that you don't have an archive of hundreds or thousands of credit card numbers for a potential hacker to potentially find a way to access.

Sign in to reply to this post
Did this help? Tips are appreciated...

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...