Newbie Seeking Advice

[madden]

I have no experience so far in setting up any shopping carts or anything (though I've done some blog software and other database PHP stuff).

 

I want a very simple way to get credit card numbers from people wishing to rent a villa in South Africa. My property manager will run the credit cards on her machine. I just need a secure way for a renter to get me their number.

 

I am willing to buy a security certificate from TCH. Now I just need some way for a client to input their credit card number so it will get to me (I can retrieve it from a database and then delete it, or whatever). I don't need it to charge the card or anything.

 

What would be the simplest and best way to set this up? Thank you for your help.

 

Pat

[stevevan]

While I don't have any shopping carts on my sites, I would suggest that you might want to look at scripting sites like hotscripts.com. I would, however, make sure that security is of utmost importance when setting up your script. IMHO...you can never do enough research!

 

Maybe others who use shopping carts on a regular basis can offer up some other solutions for you.

Edited July 31, 2006 by stevevan

[youneverknow]

I just need a secure way for a renter to get me their number.

 

How about a phone call?

youneverknow

[TCH-JimE]

A client may not like their credit card details stored on a database, I know I don't, and you would have to warn clients this is what would happen. You would also have to make them aware the transition is not quick, some people expect to see it appear on there internet banking site immediatley

 

JimE

[madden]

Thanks for the comments. Since people are coming from all over Europe (to either London or Cape Town), phone calls are less than ideal (though not impossible).

 

The idea would be to remove the credit card number from the database immediately upon retrieval, not store it. I suppose I could betray people's trust, but I could do that with a phone call, a pen, and a piece of paper, too. Nobody pays cash for the villa, so at some point, they have to trust that I will charge them only for their rental and then destroy any record I have of their credit card number.

 

Of course, it doesn't have to be a database. I just want a way for people to "pay" through the website. The transaction would happen very quickly, though not immediately, as you mention. So I'll be sure to mention that (of course, most transactions I make with my credit card take a day to appear anyway).

 

So: these shopping cart programs: how do they work for taking credit card information? Are they hooked in to a seller's credit card system? Is it all automatic, invisible to the buyer and seller?

 

Thanks,

 

Pat

[knate5000]

You can setup a CMS website using Joomla (In Fantastico) then install a component called Virtuemart.

 

Once you install virtuemart go to this link in the virtuemart forum:

 

http://virtuemart.net/index.php?option=com...p;topic=14955.0

 

This is for offline credit card processing.

 

You can use Virtuemart as a shopping cart or a catalogue.

 

They are both easy to setup and both have a very active forum at their respective websites.

 

Also, a CMS would allow people to rate your place and give feedback to others.

 

That's my 2 cents....

Edited August 1, 2006 by knate5000

[TCH-Dick]

Since your property manager has a point of sale machine to process credit cards, I would start with seeing if her payment processor offers an online solution. If they do then it will likely integrate into most standard cart solutions or they will provide an API for a custom cart. Then you will not have to worry about storing card numbers.

[madden]

I may check out what options my property manager's payment processor offers. I think setting up an entire CMS is more work than I want to do right now.

 

Aside from the problem of storing credit card information in a database, there must be some way to get information from a user securely, no? I mean, if it's safe enough to go ahead and run a credit card into a payment processor, then it must be safe (and easier) to just get me their credit card information, no? And while I appreciate people's concerns about storing the numbers, this would be no more risky than ordering something by phone or with a merchant who runs a carbon copy of my credit card, no?

[TCH-Tim]

this would be no more risky than ordering something by phone or with a merchant who runs a carbon copy of my credit card, no?

True enough, but if you can avoid it you should. There are plenty of secure options out there. It takes about ten minutes to set up a PayPal business account (which is free) and you can just give customers the payment link, or put buttons on your site. PayPal does the processing and puts the money in your PayPal account, which is linked to a bank account. Easy enough.

[Samrc]

I second the PayPal for ease of use, simplicity and quick setup.

 

Not only does PayPal process credit cards now, if your client has a PayPal account they can use that method too. The fees are reasonable and the service is worldwide. You can set up an order page that matches your site and after the payment is done, they can be transferred to another page on your site that gives instructions, thanks them, or other type of confirmation depending on your own preference. PayPal can be used on the most basic of sites and does not require full recoding to take advantage of it.

[madden]

Thanks, everyone, for your suggestions. I've checked with my property agent, who works out of South Africa, and I'm convinced there is no realistic way to process credit cards with an online shopping cart. Likewise, PayPal is not a viable option. This is from the PayPal FAQ:

 

South African residents may not use PayPal to receive payments. PayPal continues to research how best to expand its offering in South Africa.

 

I've found some web hosts who claim to offer the service that I want. Here are some links:

 

TCH-Bruce: I've removed the links. Please don't post links to other web hosts in our forums

 

How do they do this? Is it not really secure?

 

If the concern is that, with credit card numbers stored somewhere, I will be tempted to reuse them for criminal purposes later, I think this is the same risk anyone takes when they give their card number over the phone or at a carbon-copy machine. The world is not all as advanced as the U.S. with double-blind cash registers and online payments. My method will be to charge the cards, then delete the information. I just want to make sure nobody unauthorized can intercept the numbers.

 

So: if anyone knows a way to do this, similar to what's promised in the two sites lined above, that'd be wonderful.

 

Thanks,

 

Pat

[madden]

TCH-Bruce: I've removed the links. Please don't post links to other web hosts in our forums

 

Wow. Talk about protectionist policies. Did you have to remove the quotes, too?

 

Anyway, suffice to say that there are people out there in the world who claim to have the solution I'm looking for: a way to securely receive and temporarily store numbers. The questions remain: are people who allow such a service dangerously unsafe? Or are the only concerns here at TCH about my personal trustworthiness?

 

By the way, Bruce, you realize that I'm looking to spend more money here at TCH to buy a security certificate? If I were looking to move, I'd have been gone already.

 

 

TCH-Bruce - I responded to this privately.

[rksprst]

You can install a shopping cart called CubeCart (which is in Fantastico in cPanel). There is then a mod for it called "manual credit card processing" or "offline credit card" that will collect the credit card info. It will then be available in your admin section. Once you have marked the product as "shipped" it will be deleted. It is stored securely (encrypted) in the database and deleted once the product is "shipped".

I'm not sure of the exact location of the mod... but you can find it by searching for it on cubecart.org

 

You can probably modify/hack the checkout page to simply use that feature... and not use the whole store.

 

The store itself thought might work as you can make each villa a "product" and so to rent one you have to "add it to your cart" and "purchase" it. Would simplify your website... as you dont have to do any coding... and essentially already have a site up and running.

[Deverill]

Madden, it's always been the policy to not link to other hosts in the forums. It's like walking through Circuit City with a huge sign saying "Better prices at Best Buy!" - it's just not allowed. It's not to stop you from going there or from admitting they exist - anyone can find out about other hosts - it's about free advertising for competition.

 

Now, back to the topic at hand... I live in the US and not South Africa, but from my point of view, I'd never buy something from someone that I knew stored my credit card number besides just making the charge. I get real nervous if it's not a secured direct link to a processor that just takes money and throws away the number. Perhaps your clients are different, but for whatever it's worth, I'd see what I could do to process the card and trash the number.

 

Also, while it's true I have to trust you at some point to not abuse my card, if it's done directly with a paypal type service I don't have to worry about the neighbor's kid sneaking in with a flash drive and copying all the card numbers stored in the database.

 

The risk may be minimal, but the fear isn't and that's what you have to overcome to be successful in this.