I am using nopcommerce and its shopping cart to set up an e-commerce shop for a client of mine in greece.
he wants to use paypal as a payment option and accepts as well visas through another gateway. i am thinking authorise.net because they seem reputable and may people use it.
i am confused with that PCI compliance thing.
i want to make something clear first.
in both cases ( paypal & authorise.net ) we will not store the credit card details. i do not know if authorise.net stores this information. i hope not. i really hope that they just pass them to the various encrypted networks until the transaction is approved/declined.
so we do not store these details in our server. is there any problem with nopcommerce shopping cart and Authorise.net?
i looked in authorise.net website and i did not find nopcommerce as one of their "approved" shopping carts solutions?
will i have any problem with the law anywhere in the world if i use it? i mean the client just inputs his credit card details in my site and then through SSL go to other networks. can anyone who uses authorise.net and nopcommerce and have implemented their solutions around those two technologies, report any problem if any?
thank you.
Thank you for this awesome product.
nopCommerce shopping cart - Authorise.Net
- 585
- 3231
- 6/14/2009
- New Zealand
It won't make any difference if nopcommerce is not on Authorize's "approved" list. All your bank will care about is that you are using a PCI compliant gateway (which both authorize and paypal are) and your website is compliant. What I suggest you do is go through the PCI compliance questioniare and see if you pass compliance and then address any issues where you don't meet the requirements.
Hope this help.
Matthew
Hope this help.
Matthew
Certified Developer
- 31
- 193
- 11/2/2009
- Greece
Skiltz wrote:
yes it does. i mean know i understand that i have no problem my using authorize and paypal with nopcommerce.
i can use those 3 solutions to implement my ecommerce site. i assume that through authorize.net i can accept both visa and mastercard from all the countries in the world. is that correct?
you said "PCI compliance questioniare "
where can i find information on that? what do you mean if i pass compliance? my site will be hosted in a secure web server and i will SSL certificate to pass information on authorize.net.
i am a bit confused
thanks
It won't make any difference if nopcommerce is not on Authorize's "approved" list. All your bank will care about is that you are using a PCI compliant gateway (which both authorize and paypal are) and your website is compliant. What I suggest you do is go through the PCI compliance questioniare and see if you pass compliance and then address any issues where you don't meet the requirements.
Hope this help.
Matthew
Hope this help.
Matthew
yes it does. i mean know i understand that i have no problem my using authorize and paypal with nopcommerce.
i can use those 3 solutions to implement my ecommerce site. i assume that through authorize.net i can accept both visa and mastercard from all the countries in the world. is that correct?
you said "PCI compliance questioniare "
where can i find information on that? what do you mean if i pass compliance? my site will be hosted in a secure web server and i will SSL certificate to pass information on authorize.net.
i am a bit confused
thanks
- 585
- 3231
- 6/14/2009
- New Zealand
I read your question again. If users are putting credit cards numbers into your website then you will need to complete SAQ D on the PCI compliance. Its very complicated. https://www.pcisecuritystandards.org/security_standards/documents.php?category=saqs
The easist option is to redirect the user to authorise.net or paypal to eneter the credit card details.
The easist option is to redirect the user to authorise.net or paypal to eneter the credit card details.
Certified Developer
- 31
- 193
- 11/2/2009
- Greece
i do not want to store any credit card details in my site. but the way nopcommerce shoppping cart works is that the customers just add his credit card details in there and then i will redirect him to the authorize.net/paypal gateway.
wont't that work? do you actually mean that i sould not use the shopping cart at all?
what about all these sites ( show case )? what do they use?
thanks
wont't that work? do you actually mean that i sould not use the shopping cart at all?
what about all these sites ( show case )? what do they use?
thanks
- 585
- 3231
- 6/14/2009
- New Zealand
PCI isn't ONLY about storing credit cards, its also about making the environment safe (hardware and software). With authorise.net and paypal you can either get people to enter the credit card details on your website or redirect so they the credit card details never touch your website. If people enter credit card details on yoursite, no matter if you store them or not you will need to complete SAQ D because you need to make sure your envornment is safe, the easiest thing to do is redirect the user to authorize.net or paypal where they enter all their details and them come back to your site once the payment is completed.
Certified Developer
- 31
- 193
- 11/2/2009
- Greece
i do not know if my previous post made any sense. What i mean is that when i buy a product and i click checkout, at some point i have to select payment option.i select then credit card. then a screen appears where i must enter the creidt card info.
my question is this
1) when i enter the credit card details there, are they kept in my server? i hope not.
2) at the end of the payment ( confirm stage and complete stage ) is the place for me to redirect the customer to the gateway? is this the PCI compliance thing to do? that is how i imagined it. that at the end of the payment stage i would redirect the client through ssl to the gateway.
if not when should i redirect the client that chose to pay with credit card to the gateway(authorise.net)?
should i change a lot of code? can't i use the nopcommerce shopping cart?
thank you.
my question is this
1) when i enter the credit card details there, are they kept in my server? i hope not.
2) at the end of the payment ( confirm stage and complete stage ) is the place for me to redirect the customer to the gateway? is this the PCI compliance thing to do? that is how i imagined it. that at the end of the payment stage i would redirect the client through ssl to the gateway.
if not when should i redirect the client that chose to pay with credit card to the gateway(authorise.net)?
should i change a lot of code? can't i use the nopcommerce shopping cart?
thank you.