Customizing ProductCart - Capturing cc number in admin with Paypal WPP

Print Page | Close Window

Capturing cc number in admin with Paypal WPP

Printed From: ProductCart E-Commerce Solutions
Category: ProductCart
Forum Name: Customizing ProductCart
Forum Description: Exchange messages with other users that are customizing ProductCart.
URL: https://forum.productcart.com/forum_posts.asp?TID=4661
Printed Date: 07-July-2025 at 7:45pm
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com

Topic: Capturing cc number in admin with Paypal WPP

Posted By: Ludwig
Subject: Capturing cc number in admin with Paypal WPP
Date Posted: 07-August-2011 at 9:32pm

With some gateways you can actually capture a credit card number in the admin panel - is there any customization that can be made so the credit card number can be captured in the admin panel when using paypal website payment pro? thanks!

Replies:

Posted By: Matt
Date Posted: 08-August-2011 at 12:28am

Sure, you can technically save the card data. I am posting to advise you do not attempt it. There are very specific scenarios where a shopping cart needs to hold card data (temporarily). However, none of those apply to WPP.

Posted By: Ludwig
Date Posted: 08-August-2011 at 7:50am

Hi, how can we set it up to save the card number in the admin panel with Paypal WPP so it can be purged later like the other gateway options can do? We need the card number so we can call the bank and verify information on the customer... it would be awesome if we didn't have to get the customer to call us and give us the card number over the phone because a lot of people don't like doing that! Thanks.

Posted By: Matt
Date Posted: 08-August-2011 at 11:49am

Hi Ludwig, we cannot advise this for PayPal. Why not use PayPal's advanced fraud checking capabilities? PayPal already has advanced fraud checking. They even have "confirmed addresses" and you can indicate you only ship to confirmed buyers with confirmed addresses.

Posted By: Ludwig
Date Posted: 08-August-2011 at 12:32pm

Matt, I'm talking about using Paypal's Website Payment's Pro services where we process credit cards directly through our site - this is different than Paypal payments where you have a confirmed address - those payments aren't a problem... I'm talking about where the customer inputs their credit card on our site and they never see Paypal or even know Paypal is processing their credit card... those are the ones where I want capture the cc number in admin panel

Posted By: Ludwig
Date Posted: 09-August-2011 at 11:05am

So can this be done with a custom edit? so that when capturing CC on my site i can get the CC number in my control panel like I can if I use the authorize.net gateway?

Posted By: Hamish
Date Posted: 09-August-2011 at 5:20pm

Hi, I expect you would be in breach of the visa rules if you did this.

-------------
Editing ProductCart Code?

See http://wiki.earlyimpact.com/developers/editcode" rel="nofollow - WIKI Guidelines for Editing ProductCart's ASP Source Code

Posted By: Ludwig
Date Posted: 09-August-2011 at 5:39pm

the authorize.net gateway allows the cc number to get in the admin panel. i love how the entire credit card processing industry is rigged against the merchant, if there is a chargeback YOU DONT EVEN KNOW WHO THE ISSUING BANK IS and you can't find out unless you take it to court, THE ISSU BANK is the sole artiber for who is liable so if i comes down to th bank or merchant guess who they will place libaility on, yes the merchance and the merchant is robbed blind because they don't even know who the issuing bank is unless they actually gather data beforehand and in out but you need th card number to do that and you can't even see the card number when an order is placed

Posted By: Matt
Date Posted: 09-August-2011 at 6:06pm

When Authorize.Net is set to AUTH_ONLY, credit card information is encrypted and stored in the store database and should be regularly removed using the Purge Credit Card Numbers feature (this is done automatically in version 3.5 and above when using the Batch Processing feature). When it’s set to capture funds (AUTH_CAPTURE), credit card information is not stored in the store database. Storing credit card information is required to successfully process the order(s) using the batch processing feature.

This scenario does not apply to PayPal because you process everything with Reference ID and they are flexible about changing the total when there was an AUTH_ONLY.

Originally I posted a reply to your inquiry to advise you do not save the credit card number. My understanding now is that you intend to store it for an extended period of time in case there is a chargeback. Saving the credit card data for an extended period of time is definitely not advisable.

Setting aside all of the terms of PayPal, which I have not investigated. This is simply not worth the risk for you or your customers.

I strongly recommend that you find another way to validate your orders. For instance, you could switch entirely to PayPal Express Checkout or require a signature form.

Posted By: Ludwig
Date Posted: 09-August-2011 at 6:40pm

Originally I posted a reply to your inquiry to advise you do not save the credit card number. My understanding now is that you intend to store it for an extended period of time in case there is a chargeback. Saving the credit card data for an extended period of time is definitely not advisable.

No, we just need the card number termporarily to get the issuing bank and call to verify name, phone number or address then we can purge the card number. this would save so much time and hassel of having to get every cc order to call us and give us their cc number on the phone so we can use it to verify info with issue bank

Posted By: Ludwig
Date Posted: 15-August-2011 at 1:02am

look at all the replied and still not an answer to my question

Posted By: Greg Dinger
Date Posted: 15-August-2011 at 11:52am

Matt and Hamish both told you this is a really bad idea. Please take that to heart. DON'T DO THIS.

I am in the midst of dealing with two stores that have been hacked in the past 6 weeks. Both stores were not upgraded for years and therefore were down level (so this is not a reflection of an issue with the current version of ProductCart). Regardless, someone found a way to get into these sites. Once they did so, they were able to query the database and steal cards. Both merchants now have HUGE problems on their hands.

Early Impact makes careful decisions about how and when to store data. If their warnings, and the above story is not sufficient to discourage you from making changes that are a BAD IDEA, then you can go ahead and do whatever you feel is necessary. Don't say we did not warn you.

-------------
GreyBeard Design Group

Certified ProductCart Developer

Web Design/Development/Hosting

http://tinyurl.com/5c8t4t" rel="nofollow - Add-Ons & Custom Code |