Down with OCC? (Offline Credit Card)

Started by deneb, January 29, 2006, 05:02:44 AM

simbo1905

Quote from: deneb on March 29, 2006, 23:34:14 PM
If you are collecting CVV2 codes, VM stores them in DB regardless of transaction mode or even the cc payment method used.
...snip..
This is evident in the fact that if you want to turn off (or modify the functionality of) DB storage of cc data (including CVV2 #s)...you have to modify other stock VM files.
I have brought this matter up before - storing the CVV2 in the database (encrypted or not) is totally in violation of the credit card industry standard which all merchant accounts say you must comply with:
http://virtuemart.net/index.php?option=com_smf&Itemid=71&topic=16426.0
So I don't believe that a company running Virtuemart would pass an audit by their bank or their bank's CC provider. (It happens - we have a neighbour that got a surprise random audit of their company's computer systems and online store by Visa to make sure that they were compliant - they don't use VM - and they are a very small local company).

You have to read your merchant CC terms and conditions - they say that you have to comply with the policy of each type of credit card that you accept - download and read those and they say that you have to comply with the standards doc - download and read that and they say that it is forbidden to store CVV2.

I have modified the code not to store CVV2 on my site - I posted a patch at that link above that automatically applies my modifications.

In my case I use the authorize.net payment gateway and it uses the CVV2 to take the payment at the end of the checkout. Authorize.net accepts or rejects the payment instantly - it is unnecessary to store the CVV2 in the virtuemart database.

Visa/Amex/MasterCard/Discover et al forbid you to store the CVV2 number - that is the point of it - it cannot be leaked or stolen by sloppy database security as it is forbidden to store it unless you are Visa/Amex/MasterCard/Discover themselves!

It should be noted that it is possible to take a CC payment without taking the CVV2 number. Clearly this is more risky for the merchant - but storing the CVV2 is risky too if you get caught violating your merchant CC agreement. Use a payment gateway and they can check the CVV2, and check whether the card is cancelled, and check that the billing address given on the site matches the address held against the CC card. If the order succeeds then all is good and the funds are already held for you at your merchant account.
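
The pattern described in the post above (CVV2 goes to the gateway and is never written to the database), as an added example that is not part of the original post and is not VirtueMart code. The `$gateway` callable, the field names and the stub response are assumptions made for illustration.

```php
<?php
// Added example, not VirtueMart code. $gateway is a hypothetical callable that
// stands in for a real-time gateway client and returns
// ['approved' => bool, 'trans_id' => string].

function charge_without_storing_cvv2(array $card, float $total, callable $gateway): array
{
    // The CVV2 is used exactly once, inside the authorization request.
    $result = $gateway([
        'number' => $card['number'],
        'expire' => $card['expire'],
        'cvv2'   => $card['cvv2'],
        'amount' => $total,
    ]);

    // Build the row to persist from an allow-list of fields, so the CVV2
    // cannot reach the database even if more keys are added to $card later.
    return [
        'card_last4' => substr($card['number'], -4),
        'approved'   => (bool) $result['approved'],
        'trans_id'   => (string) $result['trans_id'],
    ];
}

// Constructed sample input: the Visa test number quoted in this thread.
$card = ['number' => '4111111111111111', 'expire' => '12/30', 'cvv2' => '123'];

// Stub gateway so the example runs offline; it approves any request that
// carries a non-empty CVV2.
$stubGateway = function (array $request): array {
    return ['approved' => $request['cvv2'] !== '', 'trans_id' => 'TEST-0001'];
};

$row = charge_without_storing_cvv2($card, 19.99, $stubGateway);
unset($card); // drop the in-memory copy once the gateway has answered

print_r($row); // this array is the only thing handed to the storage layer
```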

jc20unc

I am trying to use Deneb's OCC with Mambo 4.5.3h and phpshop. I was able to install per directions but when testing after I enter the entire test CC info (Visa #4007000000027 or Visa #4111111111111111, if I enter Visa #4111111111111 I get invalid card#) I agree to Terms of Service and Click "Confirm Order" there is where I get the following error:

Fatal error: Call to a member function on a non-object in /home/glencoma/public_html/mambo/administrator/components/com_phpshop/classes/payment/ps_offlinecc.php on line 204

The following code is from lines 186 to the end (line 253), with line 204 indicated:

Something must be wrong with the $vmLogger variable? Any recommendations would be greatly appreciated.

*Update: I tried deleting the comment "//" from line 203 to see if that code was needed but I get the same error just for line 203


  /**************************************************************************
  ** name: process_payment()
  ** created by: Deneb (BMS)
  ** description: process transaction for offline use with authorize.net
  ** parameters: $order_number, the number of the order, we're processing here
  **            $order_total, the total $ of the order
  ** returns:
  ***************************************************************************/
   function process_payment($order_number, $order_total, &$d) {

        //Visa Test Account           4007000000027
        //Amex Test Account           370000000000002
        //Discover Test Account       6011000000000012
        //Master Card Test Account    5424000000000015

        global $VM_LANG, $vmLogger;

        //$vmLogger->debug($VM_LANG->_PHPSHOP_PAYMENT_TRANSACTION_DEBUG);
        $vmLogger->debug('Beginning to simulate processing delay'); // <-- LINE 204

        if (OCC_DELAY_ENABLE == TRUE) {
            $delay_time = 6;
            sleep($delay_time);
        }

        //$response = array(1,1,1,1,1,1,$VM_LANG->_PHPSHOP_PAYMENT_TRANSACTION_RESPONSE);
        $response = array(1,1,1,1,1,1,"Offline");

        if (DEBUG) {
            $_SESSION['response'] = $response; //for debug
        }

        // Approved - Success!
        if ($response[0] == '1') {
           //$d["order_payment_log"] = $VM_LANG->_PHPSHOP_PAYMENT_TRANSACTION_OFFLINE;
           $d["order_payment_log"] = "PENDING: ";
           $d["order_payment_log"] .= $response[3];

           $vmLogger->debug( $d['order_payment_log']);

           // Catch Transaction ID
           $d["order_payment_trans_id"] = $response[6];

           return True;
        }
        // Payment Declined
        elseif ($response[0] == '2') {

           $vmLogger->err( $response[3] );

           $d["order_payment_log"] = $response[3];
           // Catch Transaction ID
           $d["order_payment_trans_id"] = $response[6];
           return False;
        }
        // Transaction Error
        elseif ($response[0] == '3') {

           $vmLogger->err( $response[3] );

           $d["order_payment_log"] = $response[3];
           // Catch Transaction ID
           $d["order_payment_trans_id"] = $response[6];
           return False;
        }
   }

}



Thanks!

SuperMau

Great!!! Just what I needed, thanks. By the way, I have translated it to Spanish if anyone is interested.

Thanks again.
SuperMau

deneb

Quote from: dbds on May 19, 2006, 23:45:30 PM
Fantastic module thanks.

One question. I don't need the ccv check. How do I disable it?

Uncheck it in the OCC payment config.

110productions

Hey, so I installed OCC and all that, but when I go to the shopping cart and try to check out, a blank page comes up with this error:

SQL=SELECT oldurl, newurl FROM #__redirection WHERE oldurl LIKE '%/webcart/showcat%' LIMIT 1:
FATAL ERROR RETRIEVING SIMPLEBOARD URL

Any ideas?

knate

I installed this payment method using the Manually Create A Payment Method instructions.

When I go to Store->List Payment Methods it lists OCC twice and I get this error:

Warning: fopen(/*******/administrator/components/com_virtuemart/classes/payment/ps_offlinecc.cfg.php): failed to open stream: Permission denied in /*******/administrator/components/com_virtuemart/classes/payment/ps_offlinecc.php on line 177


Any help would be MUCH appreciated!

Be good and you will be lonesome
Be lonesome and you will be free
Live a lie and you will live to regret it
That's what livin' is to me

--Jimmy Buffett (That's what livin' is to me)

Yabba Dabba

deneb hasn't been around for over a month, so I don't know if this thread/hack is dead, but just in case...

Having installed OCC (many thanks!!) how can one test to see if it is working?
That is, I want to use a common cc test number, but I get the following:

"Warning: Sorry, but the Credit Card Number you've used is a testing number!"

Yabba Dabba

Apparently there is a variable $is_test that must return "true" for the checkout procedure to accept cc test numbers.

Not seeing where this is set. Any suggestions?

Yabba Dabba

The only cc test number that is rejected is the ubiquitous 4111... Visa number.

Using any other test number works without being in test mode (whichever way that may be set).

eyal51

Hi,

I am using a custom (local) credit card type in my site. So, I've added this card to my Credit Card List with a unique code...

My credit card numbers are 8 digits long and the problem is that the verification process is checking the digits and gives me back: "The credit card in not valid.."

I've tried to add it manually inside "ps_payment_method.php" but with no luck...

Can anyone help me please?

Thanks,

Eyal

Yabba Dabba

I assume the OCC module includes an industry-standard Luhn checksum test to verify the cc number. If your numbers don't comply with that test, you would have to substitute your own test, or just disable the testing altogether.

eyal51

That's exactly what I'm asking !

How can I disable this check??
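
The Luhn checksum discussed in the two posts above, as an added example that is not part of the thread and is not the OCC module's code. It also shows one way to apply a different rule per card type instead of switching validation off everywhere; the `CARD_RULES` table, the `LOCAL` type code and the sample 8-digit number are constructed for illustration.

```php
<?php
// Added example, not the OCC module's code.

// Luhn check: from the right, double every second digit, subtract 9 from
// any result above 9, and require the total to be a multiple of 10.
function luhn_valid(string $digits): bool
{
    if (!ctype_digit($digits)) {
        return false; // also rejects the empty string
    }
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Hypothetical per-type rules. 'LOCAL' is a constructed code for a store
// card with 8-digit numbers that carry no Luhn check digit.
const CARD_RULES = [
    'VISA'  => ['lengths' => [13, 16], 'luhn' => true],
    'LOCAL' => ['lengths' => [8],      'luhn' => false],
];

function card_number_valid(string $type, string $number): bool
{
    if (!isset(CARD_RULES[$type])) {
        return false; // unknown card types are rejected, not waved through
    }
    $digits = preg_replace('/[\s-]/', '', $number);
    if (!ctype_digit($digits) || !in_array(strlen($digits), CARD_RULES[$type]['lengths'], true)) {
        return false;
    }
    return CARD_RULES[$type]['luhn'] ? luhn_valid($digits) : true;
}

// The three Visa test numbers quoted earlier in this thread, plus a constructed local number.
foreach ([['VISA', '4007000000027'], ['VISA', '4111111111111111'],
          ['VISA', '4111111111111'], ['LOCAL', '12345678']] as [$type, $n]) {
    printf("%-5s %-16s %s\n", $type, $n, card_number_valid($type, $n) ? 'valid' : 'invalid');
}
```

The 13-digit 4111111111111 is the only one of the four that fails, which matches the "invalid card#" result reported earlier in the thread.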

Nicholas

Has this option been implemented in the latest version of VM? Because it seems like it does what your hack can do already. It sends part of the cc in the email (last 4) and the rest is on the order screen.

esurge

Hello all.  :o

I want to:
1 - collect CC information for payment of the customer's order,
2 - check to see if customer's cc has a valid number,
3 - store the order in an encrypted file (i.e., I do not want to send the cc info in an e-mail)
4 - download the encrypted order
5 - decrypt the order and cc number
6 - run the cc manually when the order is ready to ship.

The above is great.

I would like to make a recommendation. This would solve a few problems.

When an order is received it goes into the pending state. Cool, if you change it to shipped or cancelled then the system should delete the following:

Card Number
CVV2
Exp Date

Can someone please help with this because I have A LOT of clients who need this now because of the new rules and all.

PLEASE let me know

Thank you
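
One way to implement the purge requested in the post above, as an added example that is not part of the thread and is not VirtueMart code. The table names, column names and status codes are constructed for illustration and are not VirtueMart's schema; it assumes PHP's PDO SQLite driver so that it runs against an in-memory database.

```php
<?php
// Added example. Tables, columns and status codes are constructed, not VirtueMart's.
// There is no CVV2 column: per the earlier post in this thread it is never stored.

const FINAL_STATUSES = ['S', 'X']; // hypothetical codes: S = shipped, X = cancelled

function set_order_status(PDO $db, int $orderId, string $status): void
{
    $db->beginTransaction();
    try {
        $db->prepare('UPDATE orders SET status = ? WHERE order_id = ?')
           ->execute([$status, $orderId]);

        if (in_array($status, FINAL_STATUSES, true)) {
            // Same transaction as the status change, so an order can never be
            // marked shipped or cancelled while its card data is still on file.
            $db->prepare(
                'UPDATE order_payment
                    SET card_last4  = substr(card_number, -4),
                        card_number = NULL,
                        card_expire = NULL
                  WHERE order_id = ? AND card_number IS NOT NULL'
            )->execute([$orderId]);
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed sample data: one pending order paid with a test card number.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (order_id INTEGER PRIMARY KEY, status TEXT)');
$db->exec('CREATE TABLE order_payment (order_id INTEGER, card_number TEXT,
                                       card_expire TEXT, card_last4 TEXT)');
$db->exec("INSERT INTO orders VALUES (1, 'P')");
$db->exec("INSERT INTO order_payment VALUES (1, '4111111111111111', '12/30', NULL)");

set_order_status($db, 1, 'S');

// After the change only order_id and card_last4 still hold values.
print_r($db->query('SELECT * FROM order_payment')->fetch(PDO::FETCH_ASSOC));
```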

Omini

I can't download anything. Is there somewhere else to download this? Thanks!