Manual Credit Card Collection

Why you shouldn’t use manual credit card processing with online stores

Older payment modules like “credit card” (cc.php) and “CEON Manual Card” (ceon_manual_card.php) are not recommended for the following reasons:

  • They are not PCI Compliant.
  • Storing credit card details in your database puts the store owner at great financial risk in the event of a data breach. Fines can range from $5000 to $500,000 for said breach.
  • It may not be legal to do this (depending on your jurisdiction).
  • It may be a violation of your merchant agreement (depending on the terms you agreed to).
  • If a data breach occurs then the various 3rd party providers whom you rely upon may have to respond, and thus some of those parties (such as hosting providers) may not let you put them at such risk because it would be a violation of their terms of service with you. You could be in breach of contract with them which might result in account suspension.

So what should you do?

The former will be better supported of course, but it’s your choice.

Please see getting off manual card collection for ideas on replacements for manual card collection.


  • Many gateways can be configured to Auth Only instead of Auth and Capture if your concern is that the final order total might change.

  • The plugin CIM Card on file allows you to securely store credit card information at the payment gateway. The Zen Cart database stores only a token for use in future charges. This method of tokenizing credit card data is the accepted best practice for enacting card on file transactions.

All these options give you a credit card entry form on your checkout payment page, which is what most customers will expect. (Naturally they all require an SSL certificate, but hopefully you already have one; if not, install SSL first.)

Still have questions? Use the Search box in the upper right, or try the full list of FAQs. If you can't find it there, head over to the Zen Cart support forum and ask there in the appropriate subforum. In your post, please include your Zen Cart and PHP versions, and a link to your site.

Is there an error or omission on this page? Please post to General Questions on the support forum. Or, if you'd like to open a pull request, just review the guidelines and get started. You can even PR right here.
Last modified April 17, 2024 by Chris Brown (31b887c).