Print Credit Card Number with Invoice
Print Credit Card Number with Invoice
I need to print credit card information in the printed invoice, what's the best way?
-
Logan Rhodehamel
- Developer
- Posts: 4116
- Joined: Wed Dec 10, 2003 5:26 pm
Re: Print Credit Card Number with Invoice
This could only be achieved with a customization to the script that produces the printed invoice. However this would open up some potential security concerns for us as a PCI validated application.
On top of this, the implication of printing the card number is something you as a merchant have to consider. Once the data is printed, it's no longer encrypted and only as secure as your printed document. You don't want to end up that company on the news who decided to trash a box of old printouts in the dumpster.
Because of the PCI guidelines, nobody from AbleCommerce can advise how to make such a customization. What I would ask is whether you have considered using an online payment gateway instead? There are quite a few included gateways to choose from. And when you use one, you do not have to retain card numbers at all - it's infinitely more secure than a print and process model.
On top of this, the implication of printing the card number is something you as a merchant have to consider. Once the data is printed, it's no longer encrypted and only as secure as your printed document. You don't want to end up that company on the news who decided to trash a box of old printouts in the dumpster.
Because of the PCI guidelines, nobody from AbleCommerce can advise how to make such a customization. What I would ask is whether you have considered using an online payment gateway instead? There are quite a few included gateways to choose from. And when you use one, you do not have to retain card numbers at all - it's infinitely more secure than a print and process model.
Cheers,
Logan
.com
If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.
Logan
.comIf I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.
Re: Print Credit Card Number with Invoice
When you're working with multiple departments that have been doing things a certain way for ages it is infinitely easier to change the ecommerce solution than it is to change the system.
I believe Yahoo Merchant solution is PCI Compliant and they offer this feature in their printed invoices.
It is the same difference as seeing the payment details with SSL enabled in AC and printing out that page.
Although AC's default printed invoice is very lacking compared to most ecommerce solutions having the source code and being able to customize everything entirely seems to be a bonus.
I believe Yahoo Merchant solution is PCI Compliant and they offer this feature in their printed invoices.
It is the same difference as seeing the payment details with SSL enabled in AC and printing out that page.
Although AC's default printed invoice is very lacking compared to most ecommerce solutions having the source code and being able to customize everything entirely seems to be a bonus.
-
Logan Rhodehamel
- Developer
- Posts: 4116
- Joined: Wed Dec 10, 2003 5:26 pm
Re: Print Credit Card Number with Invoice
The issue is not whether we could make a printable invoice with card number in a compliant manner. The issue is what the merchant does with the printed page after.anglicool wrote:I believe Yahoo Merchant solution is PCI Compliant and they offer this feature in their printed invoices.
Yahoo, AbleCommerce, et. al. can be PCI compliant but it doesn't make your business PCI compliant. Each merchant is individually responsible for this. So once you have printed that invoice, you are responsible for following procedures to ensure the data is secure all the way through destruction. Most specifically, I am concerned for merchants ability to meet requirement 9 (Restrict physical access to cardholder data.) of the PCI requirements.
I am not trying to be difficult, but as we provide a PCI certified solution I am obligated to point out to you the potential security risks. Regardless, the order invoice script is open aspx - you can pretty much do whatever you want with the file.
Cheers,
Logan
.com
If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.
Logan
.comIf I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.
-
ryanstowasser
- Lieutenant Commander (LCDR)
- Posts: 90
- Joined: Tue Oct 30, 2007 4:28 pm
- Contact:
Re: Print Credit Card Number with Invoice
We completed a similar request a while back on a 7.0.0 site.
We don't recommend this method, but if you need it for your site contact us for a quote.
We don't recommend this method, but if you need it for your site contact us for a quote.
Ryan Stowasser (ablehelp@vortx.com)
Vortx Inc
Custom Development for AbleCommerce Solutions
Vortx is an AbleCommerce Development Partner
Vortx Inc
Custom Development for AbleCommerce Solutions
Vortx is an AbleCommerce Development Partner