Offline credit card payment module


I've just about completed a new payment module that accepts a credit card and encrypts the information with PHP: GnuPG for inclusion in a completed order send email action as a custom token.

The credit card details are passed to GnuPG and its response is placed into the custom token and optionally, into a backup file on disk. The card details are then purged using a custom rules action. As long as the GPG secret key isn't on the server, this should be reasonably secure, albeit maybe not PCI compliant.

Before I get too far with this, I wanted to check with the community about my strategy and naming conventions for the module. Is "Offline credit card" acceptable?

Please feel free to provide input or guidance.


Posted: Jan 17, 2013