Support

Home Forums Pre-Sales Credit Card Offline Payment Option

Credit Card Offline Payment Option

Posted: July 24, 2017 at 10:03 am


simone

July 24, 2017 at 10:03 am

Hello,

our customer ask us a new payment option on his site.
He would have a form (as an available payment method) where user can send credit card and other info while the system saves the order as Espresso Event registration in pending status.

I have note this addon: Flexible payment method
I’m not sure if it saves the transaction/registration and if it’s allows to have form where these info can be ask for.

Thanks,
Simone


Josh

  • Support Staff

July 24, 2017 at 2:11 pm

Hi Simone,

That’s actually not PCI-compliant so we advise not sending the credit card info or storing it on the server. A payment method like PayPal Express will securely handle the payment/credit card information.


simone

July 25, 2017 at 1:58 am

Hi Josh, thanks for help.
Following the guide (Q14) is possible. But we have another option: let our customer treats credit card data like in a email and not save those info in the site.

There is an addon that at the end of the registration event process can do this?
1. shows an offline payment method, like offline or other else, and an saves an order in EE4
2. shows a page with a form with user can write down payment info
3. send an email with this info without save credit card info

Otherwise, we need an addon that allows us to save registrations in the backend, but I’m not sure there is an addon able to do this.

Thanks,
Simone


Tony

  • Support Staff

July 25, 2017 at 4:42 am

Firstly, I’ll be blunt and state that I feel you are playing with fire.

Sending card details in any form is insecure, sending them via email is just asking for trouble. PCI compliance is not just about storing card details its handling that data, how you get the data and what else you do with it so yes the above still falls under PCI compliance (and it fails to be compliant). By trying to work around the ‘normal’ options your just asking for a fine in my honest opinion.

I’ll answer your questions but note take note of the above and understand that you yourself will be liable when this goes wrong.

Following the guide (Q14) is possible.

What is this?

There is an addon that at the end of the registration event process can do this?
1. shows an offline payment method, like offline or other else, and an saves an order in EE4
2. shows a page with a form with user can write down payment info
3. send an email with this info without save credit card info

The bank or flexible payment method can do this, the flexible payment method allows you to set a message that will be displayed when they select it, then they click to finalize.

Otherwise, we need an addon that allows us to save registrations in the backend, but I’m not sure there is an addon able to do this.

You can already add registration in the admin:

Event Espresso -> {hover over event} -> Registrations -> Add new registration

However, you can not process card details through the admin.


simone

July 25, 2017 at 7:18 am

Following the guide (Q14) is possible.
What is this?

Sorry I forgot to add the link to the PCI Compliance guide here: https://www.pcicomplianceguide.org/faq/
I mentioned the Question 14.

Thanks for your support, I know the troubles in treating card data and the PCI compliance standard. I’m looking for a working and safe solution or I leave it.

Thanks for the support and the time you spent,
Simone


Tony

  • Support Staff

July 25, 2017 at 9:10 am

What Q14 from that link is referring to is tokenization, in which a 3rd party stores the card details on their server and you request a ‘token’ which can be used to reference the details on the 3rd party server and create a ‘charge’.

An example of a 3rd party that uses this is Stripe.

That’s very different from you sending/storing the details on your own server.

Thanks for your support, I know the troubles in treating card data and the PCI compliance standard.

PCI DSS was introduced for a very valid reason, to protect card holder/related details from falling into the wrong hands. If you can think of a simple solution that you think may work around that then PCI DSS wouldn’t have been needed in the first place, so that solution is likely invalid (or requires PCI certification anyway).

I’m looking for a working and safe solution or I leave it.

The easiest, safest solution is to use one of the 3rd party providers to do most of this for you, again an example of this is Stripe. Then use one of our payment methods that utilise the above setup:

https://eventespresso.com/product/eea-stripe-gateway/


simone

July 28, 2017 at 4:42 am

Thanks Tony,

I have yet developed a gateway last year using your free plugin for custom gateway with AIB bank.
So, I was able to explain to our customer that custom gateway and check are the only solutions allowed by PCI DSS.

Thanks again for your support,
Simone

The support post ‘Credit Card Offline Payment Option’ is closed to new replies.

Have a question about this support post? Create a new support post in our support forums and include a link to this existing support post so we can help you.

Considering Event Espresso for a new project? Tell us more through our contact page.

Status: closed

Updated by  simone 2 years ago ago

Topic Tags

Notifications

This topic is:
pending
Do NOT follow this link or you will be banned from the site!