I'm not a certified PCI consultant, I can't even remember the right acronym for it, but I have done several PCI audits. I'm quite certain about my conclusions in this case, though.
On Thu, Jan 27, 2011 at 11:11 PM, Malcolm MacKinnon <[email protected]>wrote: > But, for the sake of argument Bruce, are you an expert in these matters? > > > On Thu, Jan 27, 2011 at 6:51 PM, Malcolm MacKinnon <[email protected]>wrote: > >> Bruce, >> >> Thanks for your reply, and I would also advise against manually entering >> cc's in transaction terminals taken on the internet. Thanks for the >> admonishment against it. >> >> >> >> >> >> On Thu, Jan 27, 2011 at 4:53 PM, Bruce Kroeze <[email protected]> wrote: >> >>> Another thing you've missed in your conclusions is that in every case >>> that I know of, you *may not* use a "swipe terminal" such as you are >>> describing to manually input credit card numbers taken on the internet. >>> >>> That's because the companies charge different rates for "card present" >>> and "card not present" transactions. It is a different risk for them, so I >>> actually (for once) am on their side on this question. >>> >>> Check your contract and tell me if I'm wrong. I'd love to find an example >>> where it is permitted, but ... very unlikely. >>> >>> Don't do it, you risk civil penalties and at the least losing your >>> merchant account. That's a pretty bad penalty! >>> >>> On Sun, Jan 23, 2011 at 7:51 PM, Malcolm MacKinnon >>> <[email protected]>wrote: >>> >>>> After hours of further review and testing, I think I answered my own >>>> questions: >>>> >>>> 1) Yes, you can store, encrypt, & decrypt credit card numbers, as long >>>> as you're PCI compliant. You can't store certain credit card security >>>> codes, >>>> etc, under any circumstances, however, because the PCI rules prohibit you >>>> from doing it. Storing permitted card information is probably not a good >>>> idea for most small businesses due to compliance costs, etc. >>>> >>>> 2) In the admin, when you change the Order Status for a particular order >>>> to shipped, an email notification to the purchaser will be sent as long as >>>> you've authorized sending them in your site settings. >>>> >>>> >>>> On Sun, Jan 23, 2011 at 12:12 PM, Mac <[email protected]> wrote: >>>> >>>>> Hi Everyone, >>>>> >>>>> I have a couple of general questions about Satchmo's payment modules, >>>>> and shipiing and tracking capabilities. >>>>> >>>>> 1) Most modules, such as paypal, capture and store credit card into >>>>> off site, so there are no compliance issues. But say, for example, you >>>>> have a company that has their own backend accounting system, and >>>>> accepts credit cards and runs them through their own merchant >>>>> transaction terminals. Assuming all compliance standards are met, one >>>>> could use the dummy payment module to capture and encrypt the credit >>>>> card data, correct? If correct, how would you decrypt this data to >>>>> process it? If not correct, has anyone implemented a custom payment >>>>> model solution they might be willing to share (or sell)? >>>>> >>>>> 2) I see there is a url tracking/(?P<order_id>\d+)/$. I assume you can >>>>> use the admin to update the status of an order to shipped first, but >>>>> after that is there some kind of built in tracking capability >>>>> available? Whenever I test this url, I get a error message: The order >>>>> you have requested doesn't exist, or you don't have access to it. >>>>> >>>>> Any help would be very much appreciated. This is a great project! >>>>> >>>>> Thanks! >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Satchmo users" group. >>>> To post to this group, send email to [email protected]. >>>> To unsubscribe from this group, send email to >>>> [email protected]<satchmo-users%[email protected]> >>>> . >>>> For more options, visit this group at >>>> http://groups.google.com/group/satchmo-users?hl=en. >>>> >>> >>> >>> >>> -- >>> Bruce Kroeze >>> http://www.ecomsmith.com >>> It's time to hammer your site into shape. >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Satchmo users" group. >>> To post to this group, send email to [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]<satchmo-users%[email protected]> >>> . >>> For more options, visit this group at >>> http://groups.google.com/group/satchmo-users?hl=en. >>> >> >> > -- > You received this message because you are subscribed to the Google Groups > "Satchmo users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<satchmo-users%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/satchmo-users?hl=en. > -- Bruce Kroeze http://www.ecomsmith.com It's time to hammer your site into shape. -- You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en.
