Ok, thanks. No cc's in storage, no way. On Thu, Jan 27, 2011 at 11:33 PM, Bruce Kroeze <[email protected]> wrote:
> I'm not a certified PCI consultant, I can't even remember the right acronym > for it, but I have done several PCI audits. I'm quite certain about my > conclusions in this case, though. > > > On Thu, Jan 27, 2011 at 11:11 PM, Malcolm MacKinnon > <[email protected]>wrote: > >> But, for the sake of argument Bruce, are you an expert in these matters? >> >> >> On Thu, Jan 27, 2011 at 6:51 PM, Malcolm MacKinnon >> <[email protected]>wrote: >> >>> Bruce, >>> >>> Thanks for your reply, and I would also advise against manually entering >>> cc's in transaction terminals taken on the internet. Thanks for the >>> admonishment against it. >>> >>> >>> >>> >>> >>> On Thu, Jan 27, 2011 at 4:53 PM, Bruce Kroeze <[email protected]> wrote: >>> >>>> Another thing you've missed in your conclusions is that in every case >>>> that I know of, you *may not* use a "swipe terminal" such as you are >>>> describing to manually input credit card numbers taken on the internet. >>>> >>>> That's because the companies charge different rates for "card present" >>>> and "card not present" transactions. It is a different risk for them, so I >>>> actually (for once) am on their side on this question. >>>> >>>> Check your contract and tell me if I'm wrong. I'd love to find an >>>> example where it is permitted, but ... very unlikely. >>>> >>>> Don't do it, you risk civil penalties and at the least losing your >>>> merchant account. That's a pretty bad penalty! >>>> >>>> On Sun, Jan 23, 2011 at 7:51 PM, Malcolm MacKinnon <[email protected] >>>> > wrote: >>>> >>>>> After hours of further review and testing, I think I answered my own >>>>> questions: >>>>> >>>>> 1) Yes, you can store, encrypt, & decrypt credit card numbers, as long >>>>> as you're PCI compliant. You can't store certain credit card security >>>>> codes, >>>>> etc, under any circumstances, however, because the PCI rules prohibit you >>>>> from doing it. Storing permitted card information is probably not a good >>>>> idea for most small businesses due to compliance costs, etc. >>>>> >>>>> 2) In the admin, when you change the Order Status for a particular >>>>> order to shipped, an email notification to the purchaser will be sent as >>>>> long as you've authorized sending them in your site settings. >>>>> >>>>> >>>>> On Sun, Jan 23, 2011 at 12:12 PM, Mac <[email protected]> wrote: >>>>> >>>>>> Hi Everyone, >>>>>> >>>>>> I have a couple of general questions about Satchmo's payment modules, >>>>>> and shipiing and tracking capabilities. >>>>>> >>>>>> 1) Most modules, such as paypal, capture and store credit card into >>>>>> off site, so there are no compliance issues. But say, for example, you >>>>>> have a company that has their own backend accounting system, and >>>>>> accepts credit cards and runs them through their own merchant >>>>>> transaction terminals. Assuming all compliance standards are met, one >>>>>> could use the dummy payment module to capture and encrypt the credit >>>>>> card data, correct? If correct, how would you decrypt this data to >>>>>> process it? If not correct, has anyone implemented a custom payment >>>>>> model solution they might be willing to share (or sell)? >>>>>> >>>>>> 2) I see there is a url tracking/(?P<order_id>\d+)/$. I assume you can >>>>>> use the admin to update the status of an order to shipped first, but >>>>>> after that is there some kind of built in tracking capability >>>>>> available? Whenever I test this url, I get a error message: The order >>>>>> you have requested doesn't exist, or you don't have access to it. >>>>>> >>>>>> Any help would be very much appreciated. This is a great project! >>>>>> >>>>>> Thanks! >>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Satchmo users" group. >>>>> To post to this group, send email to [email protected]. >>>>> To unsubscribe from this group, send email to >>>>> [email protected]<satchmo-users%[email protected]> >>>>> . >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/satchmo-users?hl=en. >>>>> >>>> >>>> >>>> >>>> -- >>>> Bruce Kroeze >>>> http://www.ecomsmith.com >>>> It's time to hammer your site into shape. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Satchmo users" group. >>>> To post to this group, send email to [email protected]. >>>> To unsubscribe from this group, send email to >>>> [email protected]<satchmo-users%[email protected]> >>>> . >>>> For more options, visit this group at >>>> http://groups.google.com/group/satchmo-users?hl=en. >>>> >>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Satchmo users" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<satchmo-users%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/satchmo-users?hl=en. >> > > > > -- > Bruce Kroeze > http://www.ecomsmith.com > It's time to hammer your site into shape. > > -- > You received this message because you are subscribed to the Google Groups > "Satchmo users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<satchmo-users%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/satchmo-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en.
