[Rhodes22-list] Wally said, "...? ... comments on Obama [Political]

John Lock jlock at relevantarts.com
Sat Nov 1 11:05:46 EDT 2008


At 09:45 AM 11/1/2008 -0400, Michael D. Weisner wrote:
>It is not unusual to come across a site that does not require CVV/CVV2 to
>authorize a credit card purchase.  In addition to splitting the processing
>functions from online POS to offline to speed processing on very busy
>servers, one of the most popular open source e-commerce designs, OSCommerce
>(www.oscommerce.com), did not utilize full credit card authorization
>functions unless using a payment gateway.  Check out the discussions that
>are still a daily event concerning CVV/CVV2 on their forum.(
>http://addons.oscommerce.com/info/6307 )  My sites have always used every
>fraud prevention capability of the system but not all think this way.

Whether to require CVV/2 or not is ultimately a business decision and 
does not imply more or less security nor does it have to be related 
to server loading.  We have many small business clients who just 
don't have the sales volume to justify realtime payment 
processing.  They prefer to do it offline to save costs and, in fact, 
this can be a very secure method.

An example is a conventional storefront that also has a website for 
selling their products.  They already have a merchant account for the 
real store and just have it authorized for "card not present" 
processing.  They can then process their website sales using their 
current payment terminal and skip the gateway fees.  In addition, 
you've got a human eyeballing the transaction, so if a charge looks 
bogus, they can follow up with the purchaser.  This is a very secure 
and workable solution for many lower-volume web stores.

Cheers!

John Lock
~~~~~~~~~~~~~~~~~~
s/v Pandion - '79 Rhodes 22
Lake Sinclair, GA
~~~~~~~~~~~~~~~~~~



More information about the Rhodes22-list mailing list