
Discussion of Credit Card Processing Requirements



Hi;

SVN now includes a basic credit card processing framework utilizing
Net::TCLink as its primary (and only included) driver.  It is modular
however, so other credit card processing gateways could be supported.

Currently the only methods exposed are sale and credit.  I suppose a
chargeback option might be required.  Also the system is sufficiently
modular that we could add preauth and postauth handling (for
restaurants) if necessary without any serious problems.

Currently, no cardholder data is stored in the database, and I have
not implemented queued processing for offline operation due to issues
with the PCI-DSS specification.  Also, I recommend that all credit
card processing terminals use SSL for connecting to the server, and
that (due to SQL injection and XSS issues) all connections to the
server are whitelisted, and that staff accessing the systems from
general purpose workstations receive appropriate training to avoid XSS
attacks.

Any feedback?

Best Wishes,
Chris Travers