eway and credit card details

[managedservices]

Hello,

 

i just have a question about the eway payment gateway module as we are looking to sign up with them.

 

How is this gatway configured? is it using the eway shared page solution or the merchant hosted (XML) solution.

 

Also are credit card details stored in our database when using this solution? I know that when we use paypal everything is done on the paypal pages which reduces our security requirements and risk. I was hoping that this would also be the case with the eway service?

 

any info you can provide would be great.

 

regards

tom

[hightekhosting]

Tom,

 

When using the eWay payment module, all credit card details are stored within the WHMCS database using the AES Encryption protocol and is quite secure. Even from within WHMCS you cannot view the credit card numbers/details without the encryption hash.

 

Effectively, the eWay module is using the merchant hosted XML solution not the shared solution.

 

I would strongly suggestion 2 things if using the eWay module:

 

1) An SSL be applied to your site (if not already)

2) Performing extra security changes such as those listed in the WHMCS Wiki and extra's such as encrypting vital/secure files, such as your configuration files etc.

 

I hope this helps.

 

Regards,

 

Dale

[chickendippers]

Storing credit card details on your server also requires you are PCI compliant. We decided to use a hosted solution instead Even our most technical person couldn't wade his way through the sea of acronyms and jargon in the PCI documentation!

[Iceman]

I notice that eWAY has a REBILLING feature, and the ability to STORE client's credit card details. (They are obviously PCI Compliant).

 

If WHMCS and eWAY could communicate with each other in that particular instance, all that would need to be sent to eWAY would be Invoice details, and no CC details. eWAY currently uses an ID for each CC owner so matching a WHMCS due invoice to an owner of a CC with eWAY would be a simple process.

 

The only issue to resolve would be the adding or changing of CC details for a client. Perhaps it could be done via a very simple customised form on the eWAY server?

 

Doing things this way, you would NOT need to be PCI Compliant!!, as no CC details at any stage would be either transmitted through your server or stored on your server.

 

This would save a lot of people a huge amount of hassles (no PCI required) and may even get eWAY some more business.

 

Cheers,

Paul

[HostVitality]

Because clients would still be entering card details on your site in order to setup the rebilling in the first place, you still have to be pci compliant. I've been looking at them all recently and all these gateways that offer to store card details like authnet, quantum, etc... are pointless. Until they implement full payment processes where the customer leaves your site to pay and then it ruins the whole checkout flow on your site.

[Iceman]

I think you missed my point. It depends how you accept orders.

If the CC side of things (in all instances) could be directed to eWay that would solve the issue.

 

Our problems is NOT the original signup. We are more than happy to phone the customer and get CC details if absolutely necessary. Rather our concern is the ONGOING CC payments.

 

Cheers,

Paul

[Iceman]

Actually maybe this is a start "Token Payments".

 

There' s even an API for it.

 

I think I need to speak to Matt.

 

Cheers,

Paul