Search

A new extension, “Credit Card Details” is now available for download. Comments and feedback can be left here but if you discover any issues, please post it on the issue tracker.

Does this field store the credit card number as well as validate it? Is that usually allowed, or even required, if credit card processing is provided through a provider such as Paypal, Worldpay etc

The storing of cards is allowed by all providers that I’m aware of. It’s more a question of data protection and security, which is a question for individual developers.

As to whether or not it is required, this depends on the service that is using it.

The card number is currently stored as an md5 hash. I put it in there to allow for a user (or customer service representative) to update it within their “billing” preferences on any given site. Although thinking about it further this would only be useful if the last four digits were visible (duh!).

I’ll make an update to store the card as follows:

xxxx-xxxx-xxxx-2292

Credit Card Details updated to version 1.3 on 3rd of January 2011

Oooh, you beat me to it! I was about to start working on this exact same thing! I built CC validation in MooTools using Luhn algorithm checks and was going to migrate it to Symphony, but you’ve done it now.

Very interesting, this proves that symphony is starting to get traction for serious ecommerce projects, maybe it already has, but you never see a lot of case studies here…

Your scenario is interesting, in that a client can update their own CC details when they change (new expiration and verification code each time a new card is issued) or he has a completely new card altogether. In Europe some banks offer virtual CC numbers, unique for each transaction, for paranoid shoppers, any annoyances with that?

The storing of cards is allowed by all providers that I’m aware of. It’s more a question of data protection and security, which is a question for individual developers.

I assume that on most ecommerce platforms, like ea. magento, the backend stores the CC details?

I think most payment processors offer, 3 options;

  • manual payment in backend by shopowner, for telephone sales
  • hosted payment page that redirects (like paypal standard)
  • full integration with api, using https

So you are using a ‘fully integrated’ webshop and therefore they want you to validate in your system? They will probably validate again on their system?

I can see another use for this extension.
For occasional sales, or as alternative to telephone sales, one could get a unique IP and cheap ssl, and then manually enter copy paste the details in your ‘telephone order’ backend. So just as a secure way to ‘capture’ clients CC and the most easy way to get started, even more then poating forms to a hosted payment page.

You’re right that I’m using a “fully integrated” webshop. In this instance it’s Website Payments Pro from PayPal. The scenario is a one-click sign-up, purchase and setup event, all of which is transparent to the user.

The driver behind the authentication of the card before making the call into PayPal is simply to enhance the UX - the NVP call takes time and making the user wait to tell them information that we already know is silly.

The storing of credit card details is really down to the requirements of the solution at hand, but as a general rule I see it as a bad idea. Unless there is a clear reason to do so (offline payments over the phone for example), then it should be avoided.

The extension could easily be updated to include a switch for this.

Very interesting, this proves that symphony is starting to get traction for serious ecommerce projects

There are some very large implementations - in value terms - out there, we just can’t talk about them.

How have you implemented the Website Payments Pro? Any Utilities/Extensions that could be shared? Or are these all behind an NDA too?

I have, yes. The work is still in testing, but will be released to the community in some form as soon as it is complete.

Brilliant. Looking forward to it!

I too very much look forward to any tools that allow easy integration of Website Payments Pro.

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details