
I'm going to explain the flow of what I need: the checkout process is the same. Now, in the last step, I'm doing a POST to an external URL, where all the data is processed. I wait for the response of the external server and, after processing it, I take the corresponding step: 1- Save the order in the db, or 2- Give an error message. It depends on the response. Then, to save the order I need to have all the card details; if I don't have them, Magento gives me an error. The external server doesn't return the card details for security reasons, and they said they won't, so I need to keep all this information alive until I can save it or refuse it. My question: What can I do here? Save the card details in a cookie? Or a session variable? Or do I have another option?

Thanks

+4  A: 

If you save card details anywhere, including the session, you will probably have run afoul of data security laws in whatever country the business is running in. I would not suggest that as a solution.

Joseph Mastey

A: 

As this is a really important topic (imo) and the answers are a bit complicated, I decided to write a rather lengthy response about this.

So what are the main aspects with custom payment methods and especially with Magento?

  • You are most likely not allowed to store and/or transmit credit card information. However, you can store something similar so the customer doesn't have to re-enter his/her information all the time. I will come to that later.

  • Magento is a very flexible and powerful application (however it is damn slow). You can do almost anything. But when it comes to checkout processing the flow has to obey certain limitations, with good reasons.

  • Checkout processing steps should be encapsulated into units. You are trying to wrap apart one unit which is almost certainly a very bad idea.

So what I want to say is that the credit card information should be entered at the SAME provider that processes the payment. Nothing else. Ever.

I mean that's just absurd... Think about it. "Please provide your PayPal credentials, we will then do the payment for you..."

On the other hand, if you are a certified credit card payment provider, this transaction of yours (which sounds absolutely insecure) is handled internally and you as a provider are like a black box. Even for your shop.

If you really want that you can internally do your verification transaction etc. To get you on the right track with that I have this code for you which should bring you on the right track. I essentially copied it from the Magento forum and tweaked it a bit to work with the usual issues like several shops, super products, custom prices, special prices and so on.

However, I think you should really reconsider your approach for whatever you are trying to accomplish.

Last but not least, as I mentioned above, there are ways to "store" the card information at the provider. For example, Ogone offers you the possibility to send a customer token along with the customer, and if the same token appears again they just pre-fill all the information and the customer just has to click "pay".

They also offer you to customize the payment pages and have your own vhost so that the user essentially doesn't realise he/she is even leaving your shop. They also have steady modules for Magento that work like a charm and are pretty customizable. Maybe that's what you want...

If I didn't answer your question, at least in an indirect way, I would kindly ask you to rewrite your question and put more clearly what exactly you want and especially what your intentions are. Meaning what you are trying to accomplish in the end. Perhaps there are better approaches!

Greetings, joe

Joe Hopfgartner
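
The provider-token approach from the second answer, as an added example that is not part of the original posts and is not Magento or Ogone code: while the shop waits for the provider's response it keeps only an allow-listed pending-payment state, and it refuses to persist any value that looks like a full card number. All field and function names are hypothetical.

```php
<?php
// Added example. Field names and helper names are hypothetical,
// not Magento or Ogone APIs.
const SESSION_ALLOWED = ['order_ref', 'provider_token', 'card_brand', 'card_last4'];

// True when $value is a 13-19 digit string that passes the Luhn check.
function looksLikePan(string $value): bool
{
    $digits = preg_replace('/[\s-]/', '', $value);
    if (!preg_match('/^\d{13,19}$/', $digits)) {
        return false;
    }
    $sum = 0;
    foreach (str_split(strrev($digits)) as $i => $ch) {
        $d = (int) $ch;
        if ($i % 2 === 1) {
            $d = $d * 2 > 9 ? $d * 2 - 9 : $d * 2;
        }
        $sum += $d;
    }
    return $sum % 10 === 0;
}

// Reduce checkout data to what may wait in the session for the provider's reply.
function pendingPaymentState(array $checkout): array
{
    $state = array_intersect_key($checkout, array_flip(SESSION_ALLOWED));
    foreach ($state as $key => $value) {
        if (looksLikePan((string) $value)) {
            throw new RuntimeException("Card number found in '$key', not stored");
        }
    }
    return $state;
}

// Constructed sample input; 4111111111111111 is a common test card number.
$checkout = [
    'order_ref'      => '100000123',
    'provider_token' => 'tok_constructed_abc',
    'card_last4'     => '1111',
    'cc_number'      => '4111 1111 1111 1111',
    'cc_cid'         => '123',
];
print_r(pendingPaymentState($checkout)); // cc_number and cc_cid are not in the allow-list
try {
    pendingPaymentState(['provider_token' => '4111111111111111']);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```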