Manual Credit Card Collection - Potential Problems
Older payment modules like
credit card and
CEON Manual Card are not recommended for the following reasons:
- they are not PCI Compliant
- storing credit card details in your database puts the store owner at great financial risk in the event of a data breach. Fines can range from $5000 to $500,000 for said breach.
- it may no longer be legal to do this (depending on your jurisdiction)
- it may be a violation of your merchant agreement (depending on the terms you agreed to).
So what should you do?
Switch to one of the built-in payment gateways. There are many payment processors Zen Cart supports.
Switch to one of the payment gateways from the Plugins Library.
The former will be better supported of course, but it’s your choice.
Many gateways can be configured to Auth Only instead of Auth and Capture if your concern is that the final order total might change.
The plugin Authorize.net CIM Card on file allows you to securely store credit card information at the payment gateway. The Zen Cart database stores only a token for use in future charges. This method of tokenizing credit card data is the accepted best practice for enacting card on file transactions.
All these options give you a credit card entry form on your checkout payment page, which is what most customers will expect. (Naturally they all require an SSL certificate, but hopefully you already have one; if not, install SSL first.)