tcindie@drupal.org's picture
Getting busy with the Ubercode.
Joined: 05/15/2008
Juice: 440

Hi all,

I know there is a good portion of people looking for a good solution to handle offline cc payments. I'm currently building a system that has a partial need for this. Some orders will be processed immediately online; others, however, have to be entered into a separate system (lame!) and held there until the service is used...

I've been going round and round with this for the past several hours trying to figure out the best solution because there is always the likelihood of someone selecting both that service, AND something that is to be charged immediately. Well, firstly, the actual price of the service that is to be charged later will be $0, and simply display an alternate price in the product listing. As for transferring the information securely, I intend to have the system encrypt an email (using PGP) and shoot it off to the email address of the person who will physically enter it into the other system.

All this email will contain is all but the last 4 of the CC# (which will be stored with the order info), the expiration date, and a link to view the order details.

The decryption key will only exist on that one terminal that handles the physical order entry. Since login information is required at that terminal, and to get into the admin section of Drupal to view the order details, and the email is encrypted, that's certainly secure enough. And once the information is entered into the other system, the email will be deleted.

The other system is PCI compliant, and as the cc info isn't stored in the webserver at all, it remains PCI compliant.

That's my plan anyway.. please shoot some holes in it if you see anything I've overlooked. The idea is that I will write a module that will handle this, conditionally for the selected product(s), prior to the order proceeding through to the standard cc payment routine. I'm not entirely certain how that will work just yet, but I imagine it will involve creating a new payment method that handles all orders, and basically acts as a middle man between Ubercart core and the cc_payment module. Seems like it should work -- in theory anyway.

Follow me on twitter.

tcindie@drupal.org's picture
Getting busy with the Ubercode.
Joined: 05/15/2008
Juice: 440
Re: PGP Email for offline cc processing

Ok, I've been thinking about this a bit more, and here's what I've come up with for how this will function:

Essentially it will be a "middleman" gateway. Though if everything is set to be handled offline, it will be the only CC gateway..

  • Create product flags, which will set a product as online or offline processing. It will be able to default to all products flagged for offline processing, or all flagged for online processing, or all products of a particular class or taxonomy for on or offline processing.
  • If an order contains products to be processed online, the order total is recalculated based solely on those items, and other attributes that affect them (coupons, taxes, etc) and the new total is sent through the online gateway module.
  • Products flagged for offline processing remain unpaid, and order status changes to "processing".
  • E-mail is generated containing all but the last four digits of the CC #, the CC expiration, and a link to the order, encrypted with PGP and sent to specified offline payment handler.
  • Offline payment handler decrypts email, clicks the link for details about the order, and runs the remaining elements offline. This module will need to add a settlement button on the order page, that will credit the order its remaining balance (or other amount) and mark the order as paid/complete
  • Once order has been processed offline, email is deleted.

It probably doesn't have to be quite that complex for most people, but since my circumstances require the very real possibility of both products intended for immediate online payment and services intended to be paid for on use offline later, it does have to be that complex to work for me -- so that's what it's going to be.

Any thoughts, things I've missed, potential problems anyone spots please let me know. Also I'm curious if this will be of interest to anyone else.

Follow me on twitter.
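
The split-and-encrypt step from the workflow above, sketched in PHP as an added example (not code from these posts or from Ubercart). All function names, the order URL and the fingerprint placeholder are hypothetical; it assumes PHP 7.4+, the `gpg` binary, and the offline handler's public key already imported on the web server, and it throws until the placeholder is replaced with a real fingerprint.

```php
<?php
// Added example; all function names here are hypothetical.

// Split a card number: leading digits go into the encrypted mail only,
// the last four are the part stored with the order.
function offline_cc_split(string $pan): array {
  $digits = preg_replace('/\D/', '', $pan);
  if (strlen($digits) < 13 || strlen($digits) > 19) {
    throw new InvalidArgumentException('Unexpected card number length');
  }
  return ['leading' => substr($digits, 0, -4), 'last4' => substr($digits, -4)];
}

// Encrypt to one pinned key with the gpg CLI. Throws on any failure so the
// caller can never fall back to sending plaintext.
function offline_cc_encrypt(string $plaintext, string $fingerprint): string {
  $cmd = ['gpg', '--batch', '--no-tty', '--armor', '--trust-model', 'always',
          '--encrypt', '--recipient', $fingerprint];
  $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
  $proc = proc_open($cmd, $spec, $pipes);  // array form (PHP 7.4+): no shell involved
  if (!is_resource($proc)) {
    throw new RuntimeException('Could not start gpg');
  }
  fwrite($pipes[0], $plaintext);
  fclose($pipes[0]);
  $armored = stream_get_contents($pipes[1]);
  fclose($pipes[1]);
  fclose($pipes[2]);
  if (proc_close($proc) !== 0 || strpos($armored, '-----BEGIN PGP MESSAGE-----') !== 0) {
    throw new RuntimeException('PGP encryption failed');
  }
  return $armored;
}

// Build what the module would keep (last4) and what it would mail (ciphertext).
function offline_cc_prepare(string $pan, string $expiry, string $order_url, string $fpr): array {
  $parts = offline_cc_split($pan);
  $body = "Card number (all but last 4): {$parts['leading']}\n"
        . "Expires: $expiry\nOrder: $order_url\n";
  return ['last4' => $parts['last4'], 'mail_body' => offline_cc_encrypt($body, $fpr)];
}

// Constructed sample input: a test card number and a placeholder fingerprint.
$out = offline_cc_prepare('4111 1111 1111 1111', '12/30',
  'https://shop.example/admin/store/orders/0', 'REPLACE_WITH_HANDLER_KEY_FINGERPRINT');
echo "Store with order: {$out['last4']}\n", $out['mail_body'];
```

Only the public key is needed on the web server; the leading digits exist there in memory for the duration of the request and in the ciphertext, never in the order record.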

blackwidowdc's picture
Joined: 06/16/2010
Juice: 27
Re: Re: PGP Email for offline cc processing

This post is over a year old but I am now faced with this issue. We currently use PGP encryption and email to manually process payments. And everyone wants to continue using this process but now with Ubercart and Drupal. Any insight you can give me would be great. Thank you.

michaelphipps's picture
Joined: 04/22/2008
Juice: 34
Re: Re: Re: PGP Email for offline cc processing

The immediate question that comes to my mind is, could it be worth looking at a real time payment solution? The time (time is money) you would save would ultimately make this approach worthwhile.

blackwidowdc's picture
Joined: 06/16/2010
Juice: 27
michaelphipps wrote:

The immediate question that comes to my mind is, could it be worth looking at a real time payment solution? The time (time is money) you would save would ultimately make this approach worthwhile.

Actually, for this online store it was not feasible to use real time processing. I talked them into purchasing eCC to integrate with QuickBooks. So far so good.