WordPress.org


[resolved] Capture credit card details? (8 posts)

  1. phatphat
    Member
    Posted 2 years ago

    So this is more a question of "can I" rather than "how do I"...

    I want to set up an online store but due to complicated and quite long-winded logistical issues, it would be so much easier/simpler to just capture the credit card details, then run the cards manually at my physical store location (on my POS system) rather than having to use an online credit card processor.

    Is this allowed? Are there any US laws that prohibit it?

    The main thing I'm thinking is security of the card details but I don't see how encrypted emails would be less secure than online live transactions.

  2. ClaytonJames
    Member
    Posted 2 years ago

    Your question is substantially beyond the scope of this forum. You need to do some serious research on PCI compliance guidelines, and then seek advice from professional counsel in regard to what you may or may not be legally responsible for when dealing with credit card transactions and customer data security.

  3. jkohlbach
    Member
    Posted 2 years ago

    Using something like YAK shopping cart you can take manual payments. I think other shopping cart systems allow for this too.

    Not sure if there are laws against it per se, but you probably want to then have an SSL certificate. There's no way I would put my credit card details in on an insecure page and I wouldn't expect others would either.

  4. Igal Zeifman
    Member
    Posted 2 years ago

    You cannot store CC data without PCI compliance. Your options here are:

    1. Get a 3rd party vendor to handle billing for you.

    2. Use a contact phone for "billing by phone" (people will leave contact data and you'll give them a call).

    The 1st option is obviously better as many will hesitate to leave personal info and the whole "we'll call you back" idea stands in contrast to the "on-the-spot purchase" people are looking for in online stores.

    If now, or in the future, you consider reaching PCI compliance then you should know that this is a long and costly ordeal.
    You can learn more here:
    https://www.pcisecuritystandards.org/

  5. phatphat
    Member
    Posted 2 years ago

    Thanks everyone for the responses.

    I actually know a lot about PCI compliance as my business is fully PCI compliant and I'm the compliance officer for our system.

    But this is where the problem lies; it would just be so much easier to capture clients' details securely (even to the same level of security as a real online card processing service) then enter them in my POS system.

    That way, I do not have to manage two different databases of client, payment and gift card information.

    Does anyone know if there is a way to securely take payment details - even like a database that I could log in to each morning and manually process the orders that have been placed?

    Thanks for all your help!

  6. ClaytonJames
    Member
    Posted 2 years ago

    > it would be so much easier/simpler to just capture the credit card details, then run the cards manually at my physical store location (on my POS system) rather than having to use an online credit card processor....
    > ...But this is where the problem lies; It would just be so much easier to capture clients details securely (even to the same level of security as a real online card processing service

    It's not my intent to be rude or unnecessarily redundant and I really hope you won't take offense at the directness of my response; however, those sentiments contain some of the most fundamental examples of why PCI compliance exists in the first place.

    There are so many legitimate resources regarding the storing of CC/customer data, PCI DSS, merchant rules and regulations, and third party processing services, that continuing to seek an answer in a WordPress forum seems odd, or even a little suspect at this point.

    Certainly, if you are the compliance officer for your business, you must already have some excellent sources of information that can point you toward the resources necessary to correctly answer your questions, and help custom tailor a solution for your unique situation.

  7. phatphat
    Member
    Posted 2 years ago

    > It's not my intent to be rude or unnecessarily redundant and I really hope you won't take offense at the directness of my response; however, those sentiments contain some of the most fundamental examples of why PCI compliance exists in the first place.
    >
    > There are so many legitimate resources regarding the storing of CC/customer data, PCI DSS, merchant rules and regulations, and third party processing services, that continuing to seek an answer in a WordPress forum seems odd, or even a little suspect at this point.
    >
    > Certainly, if you are the compliance officer for your business, you must already have some excellent sources of information that can point you toward the resources necessary to correctly answer your questions, and help custom tailor a solution for your unique situation.

    No offense taken and it's not rude at all - I appreciate you trying to help.

    The issue is that my POS system is a completely closed system, meaning that if I have an online store selling gift certificates it will be totally discrete from my POS.

    This would mean managing two separate client databases, one of which is absolutely useless to me when a client comes in to redeem that gift certificate (We are a day spa and all client data needs to be in my POS system so we can track their treatment history, medical history etc).

    So if I have to use a 3rd party credit card system there is no way, apart from a painstaking manual process of someone having to enter all those clients' details into my POS system, but even then my POS will have none of the payment details, so to find out how much is on a given gift card, I would then have to look on the online database for their purchase.

    Do you see the issue? It's nothing untoward or criminal - It's just a case of trying to be efficient and not using two entirely separate systems to manage payment and client info.

    If there was some way of just securely taking credit card details without charging, these could then be manually inputted and charged each day into my POS system. That way, the details would be secure and I would just have one system for all purchases.

    Finally, even as the PCI compliance officer, I don't know a lot about online PCI compliance as we have one credit card terminal which is in a physical location. We've never had to deal with or look into online PCI before.

  8. phatphat
    Member
    Posted 2 years ago

    So after exhaustively researching this (PCI providers, merchant processors, payment gateways etc) there simply is no legal way to capture card details without taking payment details as an instant transaction.

    No resolution as such, but there's no way forward in this method. Thanks to all for trying to help.

This topic has been closed to new replies.
