[Novalug] Anyone know about Credit Card PCI Standards Compliance?
John Franklin
franklin at elfie.org
Thu Jan 28 16:18:12 EST 2010
If you want to do that, check out one of the open source modules such as Ubercart and the existing payment gateway modules. A lot of modern payment gateways are web based. Authorize.net is one of the more popular formats, although the specific fields seem to vary from gateway to gateway.
I'm looking into this now for the Enterprise Forum. The payment processor we're leaning towards uses an Authorize.net style interface, but isn't supported by the Authorize.net module. It looks like I can change the fields in the HTTPS POST transaction to make it work. When I try it, I'll report back to the list.
Anyway, the point of this post is the existing open source carts and payment processing modules are a good place to start if you want to write your own.
jf
On Jan 28, 2010, at 3:53 PM, James Ewing Cottrell 3rd wrote:
> I would think that the people doing the audits would be able to provide
> you with the standards.
>
> When I was with UUNET back in 1990 or so, I had the pleasure of writing
> my own credit card processing program. Many customers wanted to pay by
> credit card rather than sending in monthy checks. It was a Perl script
> which used one of our modems to dial up the bank, spoke their
> bastardized Bisync protocol, and sent Authorize abd Settlement
> transaction over the wire.
>
> It wasn't that hard to do, but I wonder if you could do this now.
>
> JIM
>
> Stephan Greene wrote:
>> One of my wife's clients has decided (or has been told) that they need
>> to be in compliance with the Payment Card Industry (PCI) data security
>> standard. And that my wife may need to do the same. She's looking into
>> some low-volume approaches that won't require storing data
>> electronically, setting up encrypted file stores, getting a quarterly
>> PCI audit, etc.
>>
>> While she's asking me questions about this as the resident IT and
>> business expert, I don't do anything with credit card processing and
>> this is all new to me. Anyone here work with these systems?
>>
>> References for the curious:
>> http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
>> https://www.pcisecuritystandards.org/index.shtml
>> http://www.pcicomplianceguide.org/
>>
>> Thanks in advance
>>
>> Steve
>>
>> --
>> -----------------------------------------------------------------------------------------------------------------
>> Steve Greene ks1g04 at gmail.com <mailto:ks1g04 at gmail.com> <kay ess one
>> gee zero four>@gmail.com <http://gmail.com>
>> -----------------------------------------------------------------------------------------------------------------
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Novalug mailing list
>> Novalug at calypso.tux.org
>> http://calypso.tux.org/mailman/listinfo/novalug
>>
>>
>> ------------------------------------------------------------------------
>>
>>
>> No virus found in this incoming message.
>> Checked by AVG - www.avg.com
>> Version: 9.0.725 / Virus Database: 270.14.136/2616 - Release Date: 01/12/10 02:35:00
>>
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3914 bytes
Desc: not available
Url : http://calypso.tux.org/pipermail/novalug/attachments/20100128/e8eb0a2d/attachment.bin
More information about the Novalug
mailing list