[ic] checkout confirmation page
interchange-users@icdevgroup.org
interchange-users@icdevgroup.org
Fri Apr 25 18:01:01 2003
On Fri, Apr 25, 2003 at 02:21:12PM -0400, Mike Heins wrote:
> Quoting Joshua Rusch (josh@strongwords.org):
> > Hi,
> >
> > I'm wondering if there is a secure way in the most recent versions of
> > interchange (4.9.7) to have a confirmation page in checkout, ie have the
> > credit card number collected on checkout page 1, but do the actual
> > charge upon submitting checkout page 2-which just shows a review of the
> > information (without showing credit card number of course!).
>
> There is no secure way in any software that I know of, only insecure
> ways (i.e. storing the credit-card number en-clair on disk). That is
> why we never do it that way.
>
> You could do an auth early in the cycle, then reverse it if the order
> didn't get placed -- that would be secure but hard to maintain.
Done that abandoned that. The problem is the long delay for the
auth. Customers don't expect a delay at that point and it led
to lots of confusion.
--
Christopher F. Miller, Publisher cfm@maine.com
MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux