Manual Credit Card Collection - Potential Problems
Older payment modules like credit card
and CEON Manual Card
are not recommended for the following reasons:
- they are not PCI Compliant
- storing credit card details in your database puts the store owner at great financial risk in the event of a data breach. Fines can range from $5000 to $500,000 for said breach.
- it may no longer be legal to do this (depending on your jurisdiction)
- it may be a violation of your merchant agreement (depending on the terms you agreed to).
So what should you do?
-
Switch to one of the built-in payment gateways. There are many payment processors Zen Cart supports.
-
Switch to one of the payment gateways from the Plugins Library.
The former will be better supported of course, but it’s your choice.
Notes:
-
Many gateways can be configured to Auth Only instead of Auth and Capture if your concern is that the final order total might change.
-
The plugin Authorize.net CIM Card on file allows you to securely store credit card information at the payment gateway. The Zen Cart database stores only a token for use in future charges. This method of tokenizing credit card data is the accepted best practice for enacting card on file transactions.
All these options give you a credit card entry form on your checkout payment page, which is what most customers will expect. (Naturally they all require an SSL certificate, but hopefully you already have one; if not, install SSL first.)