Offline credit card payment module
I've just about completed a new payment module that accepts a credit card and encrypts the information with PHP: GnuPG for inclusion in a completed order send email action as a custom token.
The credit card details are passed to GnuPG and its response is placed into the custom token and optionally, into a backup file on disk. The card details are then purged using a custom rules action. As long as the GPG secret key isn't on the server, this should be reasonably secure, albeit maybe not PCI compliant.
Before I get too far with this, I wanted to check with the community about my strategy and naming conventions for the module. Is "Offline credit card" acceptable?
Please feel free to provide input or guidance.