We help IT Professionals succeed at work.
Get Started

Best PCI compliant payment module & processor to use for OSC 2.2 MS2?

475 Views
Last Modified: 2014-05-09
I started an ecommerce site for a client in 2006, it's an OSC 2.2 MS2 implementation.  The project was abandoned but they'd like to launch it now with integrated credit card payment.

The staging is here:
https://www.thermprocesses.com/index.php

I've implemented SSL just recently.

My client's really own requirement currently is that they want the buyer to enter their credit card info and pay as easily as possible, *on thermprocesses.com*, without leaving the site.

I'm concerned now about OSC 2.2 MS2 being so old, and the "Payment Card Industry Data Security Standard":

How Do I Know If Oscommerce Is Built To Be Pci Compliant?
http://forums.oscommerce.com/topic/266802-how-do-i-know-if-oscommerce-is-built-to-be-pci-compliant/

Can anyone advise me of a solution for payment module + CC processor that is as many of these things as possible:

 - PCI compliant
 - integrated CC payment on the thermprocesses.com side
 - easy module to install (exact name/version and where to get it etc.?)
 - ease-of-setup
 - good rate/value

I figure I must be one of many in this situation, but there seem to be countless overlapping options with vague issues and hacks and fixes and I'm just wondering if someone with experience can recommend a known/clear route?

He has PayPal Pro, but it appears that the IPN is meant to send the visitor TO PayPal, not to collect the cc info on thermprocesses.com (and he doesn't want that).

I'm reading you're "not supposed to store the CVV" so I'm wondering if there's some processor that works with a module over SSL to get the info but not store it (very long? etc.).

I'm also curious about E-Path,
http://e-path.com.au

"One of the advantages of e-Path is your site doesn't need to be PCI DSS compliant because it does not transmit, store or process credit card data. Your site doesn't even touch credit card data."

But I don't know if that's affordable/reasonable for the scale of his store or if it would even integrate with OSC 2.2.

All advice is very much appreciated!!
Thanks,
Alan
Comment
Watch Question
Developer
CERTIFIED EXPERT
Fellow
Most Valuable Expert 2013
Commented:
This problem has been solved!
Unlock 3 Answers and 7 Comments.
See Answers
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE