See https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf section 3.6
On Fri, Feb 11, 2011 at 1:39 PM, Matthew Talbert <[email protected]>wrote: > I appreciate the advice about the signal. However, I have to question your > statement about PCI compliance. If what you say is true, then how could > anyone possibly store cc numbers? Obviously many companies store them. > > > On Fri, Feb 11, 2011 at 1:03 PM, Ricko <[email protected]> wrote: > >> Hi Matt, >> >> You could fire off a signal when you manually set the order as >> 'shipped' in the admin section. Then you could do your extra >> processing. >> >> I think you have a bigger problem though - saving c/c numbers isn't >> PCI compliant. To be able to process c/c, you need an SSL certificate, >> and something like authorize.net to process. One of the requirements >> is PCI compliance. They wont grant you an account if they know you're >> storing numbers. >> >> Rick >> >> On Feb 10, 5:08 pm, Chris Moffitt <[email protected]> wrote: >> > By default Satchmo does not store cc numbers. However, if you do choose >> to >> > enable this option, it will be encrypted when stored in the database. >> > >> > The fact that Satchmo allows you to turn this capability on, does not >> mean >> > it is a good idea or one we recommend. In fact, storing credit card >> numbers >> > is a process we highly recommend against. >> > >> > For our standard warning on this topic, see here - >> http://www.satchmoproject.com/docs/dev/deploying.html >> > >> > -Chris >> > >> > On Thu, Feb 10, 2011 at 5:06 PM, Tres Finocchiaro < >> > >> > [email protected]> wrote: >> > > Just an outsider reading this convo... >> > >> > > Is the CC data stored in an encrypted fashion? Seeing PCI compliance >> > > sparked my interest. Sorry that its a bit off-topic. >> > >> > > -Tres >> > >> > > On Thu, Feb 10, 2011 at 3:56 PM, Stuart Laughlin < >> [email protected]>wrote: >> > >> > >> You can configure it to store CC info or not. I don't remember what >> > >> the default setting is. >> > >> > >> --Stuart >> > >> > >> On Thu, Feb 10, 2011 at 2:46 PM, Matthew Talbert < >> [email protected]> >> > >> wrote: >> > >> > Isn't Satchmo by default storing credit card info? (Sorry, this is >> my >> > >> first >> > >> > time with Satchmo). >> > >> > Yes, the customer will know. The idea is that my client will be >> calling >> > >> them >> > >> > and discussing the details. They will have an opportunity to cancel >> the >> > >> > order. >> > >> > >> > On Thu, Feb 10, 2011 at 3:43 PM, Stuart Laughlin < >> [email protected] >> > >> > >> > wrote: >> > >> > >> >> Sounds like it might be workable. If you store credit card >> > >> >> information, you need to look into PCI compliance. Also, as a >> customer >> > >> >> of your site, how do I know how much I'm going to be charged? Do I >> get >> > >> >> a chance to cancel my order once the shipping costs are >> determined? >> > >> >> Just some questions I reckon you'll have to work out, if you >> haven't >> > >> >> already. >> > >> > >> >> --Stuart >> > >> > >> >> On Thu, Feb 10, 2011 at 2:35 PM, Matthew Talbert < >> [email protected] >> > >> > >> >> wrote: >> > >> >> > What if I would change the payment processor to not authorize at >> all >> > >> >> > during >> > >> >> > checkout (only if the cart contained these items that can't be >> > >> shipped >> > >> >> > via >> > >> >> > UPS), then I would authorize and capture the entire (adjusted) >> order >> > >> >> > once it >> > >> >> > is marked as shipped? Generally speaking, we're not too worried >> about >> > >> >> > getting the card authorized ahead of time here. >> > >> > >> >> > On Thu, Feb 10, 2011 at 3:27 PM, Stuart Laughlin < >> > >> [email protected]> >> > >> >> > wrote: >> > >> > >> >> >> Oh, I see; I didn't understand that the shipping cost isn't >> known >> > >> >> >> until several days after the order is placed. >> > >> > >> >> >> I'm not coming up with any great ideas. You could set the >> payment >> > >> >> >> module to do authorization only at the time the order is >> placed, and >> > >> >> >> capture the payment later, once you've figured out the shipping >> > >> costs. >> > >> >> >> But when you capture the payment I doubt you will be able to >> alter >> > >> the >> > >> >> >> charge amount to be different from the amount that was >> previously >> > >> >> >> authorized. If that's the case then I suppose you could make a >> > >> second >> > >> >> >> charge to the same card for the shipping cost...? >> > >> > >> >> >> At any rate, it sounds like you are looking at a manual process >> (at >> > >> >> >> least until you automate it). Hopefully someone else will have >> some >> > >> >> >> good ideas. >> > >> > >> >> >> --Stuart >> > >> > >> >> >> On Thu, Feb 10, 2011 at 2:04 PM, Matthew Talbert < >> > >> [email protected]> >> > >> >> >> wrote: >> > >> >> >> > Well, I don't see how it's applicable. Maybe I'm just dense. >> But >> > >> I'm >> > >> >> >> > wanting >> > >> >> >> > to change the order later in the process (I think). What >> needs to >> > >> >> >> > happen >> > >> >> >> > is >> > >> >> >> > the customer confirms the order, then (up to several days >> later), >> > >> the >> > >> >> >> > shipping cost is plugged in, and after that point we need to >> > >> charge >> > >> >> >> > the >> > >> >> >> > credit card. >> > >> > >> >> >> > On Thu, Feb 10, 2011 at 12:21 PM, Stuart Laughlin >> > >> >> >> > <[email protected]> >> > >> >> >> > wrote: >> > >> > >> >> >> >> I think what you are describing doesn't sound too different >> from >> > >> the >> > >> >> >> >> UPS module. You probably want to create a custom shipping >> module >> > >> >> >> >> using >> > >> >> >> >> UPS and Dummy as guides. >> > >> > >> >> >> >>http://www.satchmoproject.com/docs/dev/shipping.html >> > >> > >> >> >> >> Does that help? >> > >> > >> >> >> >> --Stuart >> > >> > >> >> >> >> On Thu, Feb 10, 2011 at 11:00 AM, Matthew Talbert >> > >> >> >> >> <[email protected]> >> > >> >> >> >> wrote: >> > >> >> >> >> > Anyone? >> > >> > >> >> >> >> > On Feb 8, 7:08 pm, Matthew Talbert <[email protected]> >> > >> wrote: >> > >> >> >> >> >> Hi all, >> > >> > >> >> >> >> >> In the Satchmo shop I just set up, some products are >> shippable >> > >> >> >> >> >> via >> > >> >> >> >> >> UPS >> > >> >> >> >> >> while others will need to be shipped via common carrier. >> All >> > >> >> >> >> >> common >> > >> >> >> >> >> carrier items will require my client to get a custom >> shipping >> > >> >> >> >> >> rate. >> > >> >> >> >> >> The workflow we want is for the consumer to add the items >> to >> > >> the >> > >> >> >> >> >> cart >> > >> >> >> >> >> and approve the order. Then my client will get a shipping >> > >> quote >> > >> >> >> >> >> and >> > >> >> >> >> >> add that to the order. Then, when the order is shipped, >> the >> > >> >> >> >> >> credit >> > >> >> >> >> >> card is charged for the revised amount. What is the most >> > >> >> >> >> >> straightforward way to accomplish this? >> > >> > >> >> >> >> >> Thanks, >> > >> >> >> >> >> Matthew >> > >> > >> >> >> >> > -- >> > >> >> >> >> > You received this message because you are subscribed to >> the >> > >> Google >> > >> >> >> >> > Groups "Satchmo users" group. >> > >> >> >> >> > To post to this group, send email to >> > >> >> >> >> > [email protected]. >> > >> >> >> >> > To unsubscribe from this group, send email to >> > >> >> >> >> > [email protected]. >> > >> >> >> >> > For more options, visit this group at >> > >> >> >> >> >http://groups.google.com/group/satchmo-users?hl=en. >> > >> > >> >> >> >> -- >> > >> >> >> >> You received this message because you are subscribed to the >> > >> Google >> > >> >> >> >> Groups >> > >> >> >> >> "Satchmo users" group. >> > >> >> >> >> To post to this group, send email to >> > >> [email protected]. >> > >> >> >> >> To unsubscribe from this group, send email to >> > >> >> >> >> [email protected]. >> > >> >> >> >> For more options, visit this group at >> > >> >> >> >>http://groups.google.com/group/satchmo-users?hl=en. >> > >> > >> >> >> > -- >> > >> >> >> > You received this message because you are subscribed to the >> Google >> > >> >> >> > Groups >> > >> >> >> > "Satchmo users" group. >> > >> >> >> > To post to this group, send email to >> > >> [email protected]. >> > >> >> >> > To unsubscribe from this group, send email to >> > >> >> >> > [email protected]. >> > >> >> >> > For more options, visit this group at >> > >> >> >> >http://groups.google.com/group/satchmo-users?hl=en. >> > >> > >> >> >> -- >> > >> >> >> You received this message because you are subscribed to the >> Google >> > >> >> >> Groups >> > >> >> >> "Satchmo users" group. >> > >> >> >> To post to this group, send email to >> [email protected] >> > >> . >> > >> >> >> To unsubscribe from this group, send email to >> > >> >> >> [email protected]. >> > >> >> >> For more options, visit this group at >> > >> >> >>http://groups.google.com/group/satchmo-users?hl=en. >> > >> > >> >> > -- >> > >> >> > You received this message because you are subscribed to the >> Google >> > >> >> > Groups >> > >> >> > "Satchmo users" group. >> > >> >> > To post to this group, send email to >> [email protected]. >> > >> >> > To unsubscribe from this group, send email to >> > >> >> > [email protected]. >> > >> >> > For more options, visit this group at >> > >> >> >http://groups.google.com/group/satchmo-users?hl=en. >> > >> > >> >> -- >> > >> >> You received this message because you are subscribed to the Google >> > >> Groups >> > >> >> "Satchmo users" group. >> > >> >> To post to this group, send email to >> [email protected]. >> > >> >> To unsubscribe from this group, send email to >> > >> >> [email protected]. >> > >> >> For more options, visit this group at >> > >> >>http://groups.google.com/group/satchmo-users?hl=en. >> > >> > >> > -- >> > >> > You received this message because you are subscribed to the Google >> > >> Groups >> > >> > "Satchmo users" group. >> > >> > To post to this group, send email to >> [email protected]. >> > >> > To unsubscribe from this group, send email to >> > >> > [email protected]. >> > >> > For more options, visit this group at >> > >> >http://groups.google.com/group/satchmo-users?hl=en. >> > >> > >> -- >> > >> You received this message because you are subscribed to the Google >> Groups >> > >> "Satchmo users" group. >> > >> To post to this group, send email to [email protected]. >> > >> To unsubscribe from this group, send email to >> > >> [email protected]. >> > >> For more options, visit this group at >> > >>http://groups.google.com/group/satchmo-users?hl=en. >> > >> > > -- >> > > - [email protected] >> > >> > > -- >> > > You received this message because you are subscribed to the Google >> Groups >> > > "Satchmo users" group. >> > > To post to this group, send email to [email protected]. >> > > To unsubscribe from this group, send email to >> > > [email protected]. >> > > For more options, visit this group at >> > >http://groups.google.com/group/satchmo-users?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Satchmo users" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/satchmo-users?hl=en. >> >> > -- You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en.
