Manual Credit Card Collection - Potential Problems

Why you shouldn’t use manual credit card processing with online stores

Older payment modules like credit card and CEON Manual Card are not recommended for the following reasons:

  • they are not PCI compliant
  • storing credit card details in your database puts the store owner at great financial risk in the event of a data breach. Fines for such a breach can range from $5,000 to $500,000.
  • it may no longer be legal to do this (depending on your jurisdiction)
  • it may be a violation of your merchant agreement (depending on the terms you agreed to).

So what should you do?

The former will be better supported of course, but it’s your choice.

Notes:

  • Many gateways can be configured to Auth Only instead of Auth and Capture if your concern is that the final order total might change.

  • The Authorize.net CIM Card on file plugin allows you to securely store credit card information at the payment gateway. The Zen Cart database stores only a token for use in future charges. Tokenizing credit card data in this way is the accepted best practice for card-on-file transactions.

All these options give you a credit card entry form on your checkout payment page, which is what most customers will expect. (Naturally they all require an SSL certificate, but hopefully you already have one; if not, install SSL first.)




Last modified June 15, 2023 by Chris Brown (e7aec7d).