What are the best security features (settings, modules) provided by Drupal with regard to credit card transactions? Do you have any additional prevention techniques? If possible, please also post the important and necessary settings.

+2  A: 

If you want to handle credit card transactions with Drupal or any other technology, you need to comply with the Payment Card Industry Data Security Standard (PCI DSS).

marcgg
+4  A: 

Most importantly, don't handle the CC data at all. There are several payment processors which provide a payment API and handle the CC processing for you. That way, you don't need to worry about PCI DSS or about escaped CC#s (and the resulting PR brouhaha) when your database is compromised.

(It may seem I'm dodging the question here, but every time we've done a calculation of the costs of processing cards ourselves versus having a processor do it, the roll-your-own approach would bring high initial costs and considerably higher maintenance costs, plus higher risks. OTOH, a payment processor will cost you something, but takes this risk + PCI DSS off you.)

Piskvor
+1. Get a module like Ubercart, and a payment processor to handle this for you. There's no upside to processing credit cards yourself.
anschauung
+1  A: 

I agree with Piskvor. If you're not 100% sure what you're doing, I think you're better off using existing code that has been tried and tested by the community. Have a look at the Pay module.

marcvangend