Tuesday, 24 September 2013

Groping in the dark, part 7 - almost there?

Now that it seems to work in the "test" environment, it's time to try it out ni the "production" environment. But first, of course, a test, using my thing that will let me bill just one card.

With the billing in dollars, I got the pesky "Some of the data entered is incorrect" message. With the billing in Sterling, I got "CVC missing at input, but CVC check requested".

BMS tech support told me that the dollar problem was that I was giving the wrong password. So I changed that, and now I get the "CVC missing" message. Progress.

Here's the problem.

I bill from my database, just like Amazon and Payapal and (I'd guess) a zillion other people, where you gave them your credit card once, and they use it for you from now on. But the PCIDSS (payment card industry data security standard) says that you're not allowed to store the CVC, not nohow, not even encrypted. At least, that's what I think it says. So I don't. Which means I don't have the CVC.

In the "test" environment, CVC isn't mandatory, but in the "production" environment it is. BMS tell me that they're going to ask the product suppliers (that's Ogone) to "see if we can get this rule removed".

If they can, it looks good. If they can't? I have no idea.

No comments:

Post a Comment