Kryptronic Software Wiki : Offline Credit Card Processing

	Home Shopping Cart Software Support Center Custom Shop Managed Hosting
Wiki Wiki Tools Login/Register Community Forums Kryptronic Corporate

Offline Credit Card Processing

Below is an explanation of how the offline credit card processing system in ClickCartPro works.

ClickCartPro supports offline credit card processing. Offline processing is a method that allows a store owner to process credit card transactions with a local credit card machine rather than using a gateway service. When an offline order is received by ClickCartPro, the card information submitted is checked against the MOD-10 algorithm to ensure the card number is properly formatted. This ensures the card used is a valid Visa, Mastercard, American Express or Discover number. It does not check to see if it is a valid account number or check for funds availability, etc.

If the credit card number entered in ClickCartPro is valid, the order is approved and two email messages are sent to the primary order email address for the order. The first message is a standard order confirmation email message. The second message contains:

The order number
An encrypted copy of the card number
An encrypted copy of the CVV2 code (if entered)
The card expiration date

ClickCartPro program encrypts the credit card information using a HCE_MD5 encryption module. This module implements a chaining block cipher using a one way hash with two keys. One key is established within the codebase and the other is unique to each installation. This method of encryption is the same that is used by Radius (RFC2138). All encrypted data is Mime Base64 encoded for transport.

Please note: The credit card information is not stored in the database. This information is encrypted and emailed only. This is done for security purposes.

Decrypting Data Using the Management Interface

Encrypted card information can be decrypted by using the management interface function: Store > Commerce > Decrypt Offline Order Data.

Decrypting Data Using a Yahoo! Widget

You can also use a Yahoo! Widget published by Kryptronic to decrypt the encrypted card information. In order to use this widget, download it from the following location and install it to your desktop:

http://central.kryptronic.com/public/yahoo-widgets/offline-decryption-tool.zip∞

Information on publishing Yahoo! Widgets is available from Yahoo! here:

http://help.yahoo.com/l/us/yahoo/widgets/basics/basics-07.html∞

Once the widget is installed, edit the settings for the widget and add your decryption key. You can find your decryption key by logging into your site via FTP and viewing the config.php file in the private installation directory for your software. Enter the value for the key 'core.cryptkey' as your decryption key.

ClickCartPro 7 and EuropaCart 7 - Store Component

© 1999-2012 Kryptronic, Inc. All rights reserved worldwide. Kryptronic, the Kryptronic logo and all Kryptronic software names and logos are trademarks of Kryptronic, Inc. All Kryptronic software is copyrighted and the intellectual property of Kryptronic, Inc. All Kryptronic software is developed and distributed under license by Kryptronic, Inc.

Kryptronic Software Wiki : CCP7OfflineCreditCardProcessing

Offline Credit Card Processing

Decrypting Data Using the Management Interface

Decrypting Data Using a Yahoo! Widget