I started an ecommerce site for a client in 2006, it's an OSC 2.2 MS2 implementation. The project was abandoned but they'd like to launch it now with integrated credit card payment.
The staging is here:
I've implemented SSL just recently.
My client's really own requirement currently is that they want the buyer to enter their credit card info and pay as easily as possible, *on thermprocesses.com*, without leaving the site.
I'm concerned now about OSC 2.2 MS2 being so old, and the "Payment Card Industry Data Security Standard":
How Do I Know If Oscommerce Is Built To Be Pci Compliant?
Can anyone advise me of a solution for payment module + CC processor that is as many of these things as possible:
- PCI compliant
- integrated CC payment on the thermprocesses.com side
- easy module to install (exact name/version and where to get it etc.?)
- good rate/value
I figure I must be one of many in this situation, but there seem to be countless overlapping options with vague issues and hacks and fixes and I'm just wondering if someone with experience can recommend a known/clear route?
He has PayPal Pro, but it appears that the IPN is meant to send the visitor TO PayPal, not to collect the cc info on thermprocesses.com (and he doesn't want that).
I'm reading you're "not supposed to store the CVV" so I'm wondering if there's some processor that works with a module over SSL to get the info but not store it (very long? etc.).
I'm also curious about E-Path,
"One of the advantages of e-Path is your site doesn't need to be PCI DSS compliant because it does not transmit, store or process credit card data. Your site doesn't even touch credit card data."
But I don't know if that's affordable/reasonable for the scale of his store or if it would even integrate with OSC 2.2.
All advice is very much appreciated!!