Discussions

Offline credit card payment module

Hi,

I've just about completed a new payment module that accepts a credit card and encrypts the information with PHP: GnuPG for inclusion in a completed order send email action as a custom token.

The credit card details are passed to GnuPG and its response is placed into the custom token and optionally, into a backup file on disk. The card details are then purged using a custom rules action. As long as the GPG secret key isn't on the server, this should be reasonably secure, albeit maybe not PCI compliant.

Before I get too far with this, I wanted to check with the community about my strategy and naming conventions for the module. Is "Offline credit card" acceptable?

Please feel free to provide input or guidance.

Thanks,
Cameron

Posted: Jan 17, 2013

Comments