homepage Welcome to WebmasterWorld Guest from 54.82.1.136
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
CC processing with token
Need provider that returns a unique token per credit card
Daldain




msg:4422331
 5:34 pm on Feb 27, 2012 (gmt 0)

Background:
We have artificial limits (throttling) on our e-commerce website per user login, we need a way to prevent a person from simply creating a new account with us and continue spending with the same credit card. We are PCI compliant however we would strongly prefer a 3rd party hosted solution as we'd rather not hold any reversible CC information (in database or memory). Hence a returned unique cc token would suit.

We deal with USD currency only, and can create US bank accounts if necessary.

We were very close to finishing the application steps to RBS WorldPay when we realized their API did not return some type of unique identifier/token for the credit card used in the transaction. authorize.net supplies the last 4 digits of the card used but that isn't enough uniqueness for us to use.

Any other gateways / providers to investigate?

 

enigma1




msg:4422590
 11:25 am on Feb 28, 2012 (gmt 0)

It may not be a good solution even if a gateway was providing a token back to you in this context. Visitors could submit the same information using different case letters, whitespace in the various fields, may have a different start/end date for their cards than the previous time they tried to buy something etc.

So from what I understand you need to generate a non-reversible token from some of the fields the customer submits as billing/shipping info after doing some field refinement. And then use the token for identification.

Daldain




msg:4422705
 4:56 pm on Feb 28, 2012 (gmt 0)

I should have been more clear, I would like a token on the CC number only. This way there would be no confusion as to what it encompasses.

rocknbil




msg:4422711
 5:11 pm on Feb 28, 2012 (gmt 0)

How about creating a one-way encrypted hash of some sort and using that as your token? I presume you're doing a silent post, you'd create the hash at that point and store only the hash and being a one-way hash, can't be stolen. (reasonably, ANYTHING is possible.)

Next time an account cc comes in, if the hash matches, it's the same card.

Daldain




msg:4422803
 8:24 pm on Feb 28, 2012 (gmt 0)

We would certainly be able to create a one-way hash if we accepted the CC number on our end. However we would prefer a 3rd party hosted gateway to gather the CC data so that we won't have to go through the hassle of monthly PCI compliance.

paladin




msg:4424219
 5:58 pm on Mar 2, 2012 (gmt 0)

Have you looked at Gate2Shop?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved