Magento Forum

PCI/Credit Card Encryption
 
syeakel1
Jr. Member
 
Total Posts:  4
Joined:  2009-07-29
 

All --

We’re new to the Magento world and we’re also working on becoming PCI compliant across our Enterprise.  I get that one of the ways to help get a Magento solution PCI compliant is:

-Do not use the Saved Credit Card module in a production environment (live site).

But our problem is we don’t charge credit cards from any of our commerce sites real-time since our fulfillment systems do that for us.  That requires that the order is stored with credit cards and transmitted to our fulfillment system to actually charge the card.  Which means (I think) we need to use the above module but store the credit card data encrypted.  Am I right about that?  Has anyone actually done that?  Any help would be greatly appreciated.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Incognito
Guru
 
Total Posts:  322
Joined:  2008-08-07
Michigan
 

Can you use authorize.net to authorize then capture when you ship?  The saved cc method is encrypted by default but it is not a good idea to store the cc # if you don’t have to.

 
 
syeakel1
Jr. Member
 
Total Posts:  4
Joined:  2009-07-29
 

I’ve thought about that.  Unfortunately my company has multiple fulfillment systems.  So depending on the product, it would get routed differently.  With a single authorization id, I’m not sure how we can allow the various fulfillment systems to charge.

 
 
Lain
Jr. Member
 
Total Posts:  9
Joined:  2008-05-27
Earth
 

Depending on what accounting software you use, an idea might be to have the credit card data bridged to be inserted into it upon order completion.

I recently updated to QuickBooks Enterprise and use a SOAP data bridge that inserts it directly into my accounting system... even though I use a checkout processor. This would allow you to charge the order using QuickBooks' credit card processor or manually run it via a terminal processor.

If your store is passing credit cards to multiple other vendors so that they can charge your customers' cards, you should reconsider this, as in most if not all countries that is illegal or at the very least against most merchant bank processing terms. When a customer does business with you... they expect to see one charge from your business. This is especially true for B2B customers who need to accurately have some method for accounting purposes.

 
 
syeakel1
Jr. Member
 
Total Posts:  4
Joined:  2009-07-29
 

We don’t have multiple vendors, but internally we have multiple fulfillment systems handling the various products.  So although the customer is placing a single order, we have to break up that order by product type and make multiple charges.

 
 
pkircher
Member
 
Total Posts:  53
Joined:  2008-09-19
 

PCI for community is currently not available.

The Enterprise version of Magento would fit that requirement.

 
 
digitiser
Jr. Member
 
Total Posts:  29
Joined:  2009-03-02
 

As long as you don’t store CC info anywhere in your local system, it will largely depend on whether your fulfillment providers are PCI compliant; if so, then you will fall into Type 4 SAQ C compliance requirements yourself.  I believe this requires you to fill out an annual questionnaire and engage quarterly security scans.

Some easy to digest (for PCI) info here:

http://www.crucialwebhost.com/blog/ecommerce-pci-compliant-hosting/

 