[ic] Credit Card Authorisation/Processing

Ross Cousens interchange-users@interchange.redhat.com
Tue Sep 18 21:00:01 2001


I realise the inherent security risk involved but we don't have time to
co-ordinate between printed e-mail messages and order reports. Our goal was
always to setup IC with a postgresql database (done), use ODBC with
Access/SQL Server to connect to postgresql database, process orders locally,
reconnect to update orders - or the other option is a web interface written
in either PHP or the ITL tag language (obviously one would be better suited
to it -- ITL) specifically for order processing. I'm not 100% sure if it's
possible but it seems feasible, so we'd like the credit card stored in a
database environment where we'd be able to pull the information from. As the
company expands our plans are should we see it as a security risk, then of
course we would move towards a PGP-encrypted option or something similar. I
know that in profiles.order I can change credit_card to keep, with standard
encryption (to check it's a valid number). I'm just curious if it would be
done easily to add another field to the Users table to store credit card
info, and then show that up in the order processing part of the admin
interface.

Regards,
Ross Cousens

P.S. If I'm totally off track please feel free to sink my submarine, I'm
just trying to get an idea here!

-----Original Message-----
From: interchange-users-admin@interchange.redhat.com
[mailto:interchange-users-admin@interchange.redhat.com]On Behalf Of
cfm@maine.com
Sent: Wednesday, 19 September 2001 10:15 AM
To: interchange-users@interchange.redhat.com
Subject: Re: [ic] Credit Card Authorisation/Processing


On Wed, Sep 19, 2001 at 09:35:01AM +1000, Ross Cousens wrote:
>
> What other options are there with the credit card besides automated
payment
> services and an e-mail sent to a local user. Is it possible to get
> Interchange to store the credit card number in the customer profile so
that
> it can be remembered/kept on file, and is it possible to display the
credit
> card number in the order process section of the administration interface,
or
> even in a report that would be printed off with a list of 'waiting for
> credit check' orders and the corresponding credit card # and items
ordered.
> Any documents that have a section focused on credit card handling routines
> etc?
>
> Thanks,
> Ross Cousens
>
> P.S. I realise this is a "security risk", but we have a few other methods
we
> plan to implement to keep the credit card info secured.
>

Continuing the thread of BIG RED WARNINGS: Perhaps we need a BIG RED WARNING
on the outside of the IC box that YES, you can modify the code and yes you
can do pretty much anything you want.  And yes, if you have to ask how to
shoot yourself you might not get too much help, particularly if you already
know its a risk.  ;^>

And getting from "yes you can do it" to "done" is a different matter....

Oh, I forgot... no box on which to put the warning label.



--

Christopher F. Miller, Publisher                               cfm@maine.com
MaineStreet Communications, Inc           208 Portland Road, Gray, ME  04039
1.207.657.5078                                         http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux
_______________________________________________
interchange-users mailing list
interchange-users@interchange.redhat.com
http://interchange.redhat.com/mailman/listinfo/interchange-users