Vote up!
Vote down!

Capturing & Emailing Encrypted Payment Details

Hello All!

Our business workflow requires that we charge the customers credit card one time: at the time of shipping. This way we can include the shipping charges in the Total, and only have to charge the customer once.

The solution to this in the past, is to capture the payment details, put them into an email with the order info, encrypt them, and send them to someone in our order processing dept.

I have been looking for 2 weeks now for a workable solution within Drupal Commerce, and have tried just about everything, ...but nothing is working smoothly ... YET.

I found and attempted to install the Commerce_GPG, which provides a payment method that SOUNDS like it will be my answer, but it requires 3 external PHP extensions that apparently must be compiled first, and then installed into PHP and I cannot figure out how to install them.

Due to PCI compliance, we are not looking to STORE the payment info, just capture it, encrypt it and email it... it would then be erased from the site.

Anyone have a better idea?

Asked by: XeauDesign
on May 21, 2015

1 Answer

Vote up!
Vote down!

I think there are issues with this

  • You are still storing the CC details - they'll be in the email, on your computers and in the cloud if you use a cloud email solution.
  • Afaik as long as the CC details are being entered into your site rather than a 3rd party you need to meet the D-Merchant rules. If your server is compromised then it would be trivial to capture & redirect the CC details prior to the encryption & email.

The best idea is probably to do an Authorization and process it once you know the final charges, anything else is likely to put you at risk.

Andy @ BlueFusion
Posted: May 26, 2015