    • 21417
    • 486 Posts
    Hello,

    My client wants to receive credit card information via a secure booking form on his website and manually process the transactions offline.

    And he wants the padlock to appear in the browser etc so that the customer knows it is a safe and secure process.

    Eg
    - website user fills out a form (eform??) including credit card numbers etc and clicks submit 
    - that information is securely sent to my client 
    - and the client processes the credit card information manually at their convenience.


    We are in Australia and the purchases are mainly of services (coaching) plus a couple of tangible products.

    How do I achieve this with MODx?

    Thanks in advance.
      Web design Adelaide
      http://gocreate.com.au
    • You would do this the same way you would do it with any other web site. MODx does not in any way limit what functionality your site can have. Exactly how this is done totally depends on the payment gateway being used.
        Studying MODX in the desert - http://sottwell.com
        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
        Join the Slack Community - http://modx.org
        • 21417
        • 486 Posts
        Thanks Sottwell.

        I literally mean how do I do it?

        I have done one small e-commerce site but never a site that captures credit card info for manual processing.

        So what I am literally asking is, what do I need to do to make it happen. Is there an eform plugin for secure form sending of sensitive material etc? Do I need a special gateway?

        Would you mind walking me through it?

        Thanks so much in advance.
          Web design Adelaide
          http://gocreate.com.au
          • 10449
          • 956 Posts
          Well, in a nutshell, you’ll want something like this:

          - ssl is a must
          - infrastructure: shared hosting is a big no-no
          - use only encrypted cc numbers in the DB or - heaven forbid - in emails. never store it as plain-text.
          - decrypt cc numbers via protected admin-menu (e.g. as a modx module)

          http://ch2.php.net/manual/en/ref.mcrypt.php

          For basic cc-number validation, use the Luhn formula. For testing/debugging, here’s a few sample cc-numbers: http://www.darkcoding.net/credit-card-numbers/
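
The Luhn check and the "encrypt before storing, decrypt only in the protected admin area" points from the post above, as an added example that is not code from the thread or from MODX. It uses libsodium sealed boxes in place of the linked mcrypt extension, which was removed from PHP core in 7.2; the function names are hypothetical and the keypair and card number are test values.

```php
<?php
// Added example, not code from the thread. Needs PHP 7.2+ (bundled sodium extension).

/** Luhn check on a card number as typed (spaces and dashes allowed). */
function luhn_valid(string $input): bool
{
    $digits = preg_replace('/[\s-]/', '', $input);
    if (!preg_match('/^\d{12,19}$/', $digits)) {
        return false; // non-digits or implausible length
    }
    $sum = 0;
    $double = false; // the rightmost (check) digit is not doubled
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double && ($d *= 2) > 9) { // double every second digit, fold 10..18 to 1..9
            $d -= 9;
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

/** Web server side: holds only the PUBLIC key, so it can encrypt but never decrypt. */
function seal_card(string $pan, string $publicKey): string
{
    if (!luhn_valid($pan)) {
        throw new InvalidArgumentException('card number failed the Luhn check');
    }
    $digits = preg_replace('/[\s-]/', '', $pan);
    return base64_encode(sodium_crypto_box_seal($digits, $publicKey));
}

/** Protected admin side: the keypair lives here, not on the public web server. */
function open_card(string $stored, string $keypair): string
{
    $raw = base64_decode($stored, true);
    $plain = $raw === false ? false : sodium_crypto_box_seal_open($raw, $keypair);
    if ($plain === false) {
        throw new RuntimeException('ciphertext rejected: tampered or wrong key');
    }
    return $plain;
}

// Demo: throwaway keypair and a well-known test number, not a real card.
$keypair = sodium_crypto_box_keypair();
$stored = seal_card('4111 1111 1111 1111', sodium_crypto_box_publickey($keypair));
var_dump(open_card($stored, $keypair) === '4111111111111111');
var_dump(luhn_valid('4111 1111 1111 1112'));
```

Because only the public key sits on the web host, a dump of the database or the site's files does not expose stored numbers; the keypair stays wherever the manual processing happens.
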
          • I’m really sorry that this sounds harsh, but it’s the plain truth. If you don’t know what you are doing, you have no business handling credit card and other sensitive data. That is far too sensitive for newbie experimentation. Arrange for a trusted professional ecommerce developer to do this, if it really must be done.

            This is not only for the customer’s sake, but for your client as well as yourself. If an insecure system leads to a security breach, your client will be held liable, and he will not be very happy with his web developer.

            I’ve built a few simple ecommerce sites from scratch using direct access to payment gateways, as well as a number of sites using existing ecommerce applications such as CubeCart. Always the sites used forms and code provided by the payment gateway, and never stored sensitive information. I have several times refused a job such as you are describing; I wouldn’t take on the responsibility.
              Studying MODX in the desert - http://sottwell.com
              Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
              Join the Slack Community - http://modx.org
              • 21417
              • 486 Posts
              Thanks for the replies.

              Cheers GaneshXL - thanks for pointing me in the right direction - that’s exactly the kind of info I was after.

              Sottwell - That was funny. I’m still smiling about it. I think we got off on the wrong foot: if I need to make it happen, I need to know what’s involved. If it’s over my head, I’ll call in the big guns. The client is on a tight budget so if I ask a developer about it, it’s in my best interest to know up front roughly what’s involved - and how that might integrate with the modx site - so we don’t get taken for a ride.

              ... Always the sites used forms and code provided by the payment gateway, and never stored sensitive information.
              Beauty - now you’re talking - I was wondering that.

              There’s a plugin for nearly everything with Modx and just asking a question.

              If the inexperienced never asked questions, we’d never gain experience!
                Web design Adelaide
                http://gocreate.com.au