View Single Post
Old 12-25-2013, 06:26 PM
Lanna's Avatar
Lanna Lanna is offline
Ecwid Team
Join Date: Jan 2011
Posts: 2,675

Originally Posted by Better Erections View Post
Hello all and thanks for stopping by this thread. I am setting up an online store and I want to be able to process credit card transactions. I have my own credit card machine for my business so just want to be able to retrieve the buyers credit card details and i will manually process the orders on my credit card terminal. is there a way to do this? all i seem to be able to see is using external website companies to process my orders instead of being able to do it myself…
There is a purchase order selection that I can make however does not give the customer an option to put in their numbers. Any help with this will be appreciated. Thanks.

As I understand, you’d like to collect credit card details from your customers and process them yourself. Basically we don’t recommend this approach in getting payments. And there’re two major reasons for that:

- Those customers who are aware of online security will be rather concerned to give away their credit cards on any website/forms which they don’t trust. Hence you may have a low conversion rate
- Such approach requires PCI-DSS certification (what it is)

We recommend instead either using trusted online payment processors, or payment gateways that allow gathering credit cards under required security level (e.g. e-Path).

Presently any organization (be it online or offline), which anyhow deals with credit cards, are to be complied with PCI-DSS: specific standards imposed by VISA and aiming at protecting users' data. If you'd like to collect credit cards in your online store/site, at least your website and the server on which it resides are to go through the PCI-DSS certification.
Otherwise, let’s say you have a form on your site that collects credit card details from your customers and, since you need to process the information, stores it somewhere. Basically it will mean a potential security breach, a very high risk. For ex., any one, who can compromise your email box (it’s not that tricky task nowadays), would be able to get access to your emails and thus obtain credit card numbers. If this is revealed, VISA would blame you and us (if this form is on Ecwid pages), which would eventually result in a huge fine (the fine for being not compliant with PCI standards starts from $50K), you may be prompted to run PCI-DSS certification which is also rather costly, let alone your reputation will be in danger.

So to avoid such risks, you should follow one of these solutions:

1. To entrust the payment processing to online payment gateways who will perform all transactions for you. That is, your customers will submit credit cards to the payment gateways who will connect to the issuer (customer’s bank), request the money, verify the transaction (at the same time you will be protected against fraud since payment gateways have anti fraud tools), take the money from the customer’s card and transfer it to your merchant account.
So no manual work, no worries about payment procedures and data security - all this will be the job of the payment gateway. You will just receive the money.

Ecwid supports many payment gateways, you will find the list here:

2. If you need to process credit cards yourself, there's a solution: e-Path payment gateway. It allows gathering credit card details of your customers and processing them manually, still the standards of PCI-DSS are kept. Please refer to this article for details and setup instructions:
Lana W.
Ecwid Customer Care Team

More tips and hints on Ecwid use in our Help Center

⬇ Please click Thanks if my reply helped you.

Thank Ecwid team on Twitter
The Following User Says Thank You to Lanna For This Useful Post:
Uncle Mike (11-27-2014)