How to continue accepting credits cards details for manual processing
Due to the PCI regulations (Payment Card Industry Security Standards) put in place by credit card companies such as Visa, MasterCard, Amex, Discovery and others, we can no longer send credit card details to you in an unencrypted form.
From October 14 onwards your customers will not be able to pay by credit card, if you do not encrypt your order emails or use a GlobeCharge online order management account.
What are your options
If you have NOT created your own shop, contact your developer urgently, so they can help you resolve the issue. They should be able to provide you with a GlobeCharge account for your current shop so you can continue to accept credit cards. If you can no longer contact your developer, email support@globecharge.com for help.
If you have created your own shop, the options below are available to you:
1: Upgrade to a more secure ShopFactory 8 Total Care from as little as $10.85 or € 8.10 a month.
The easiest option is to upgrade to ShopFactory 8 Total Care which comes with a PCI compliant GlobeCharge online order management account. You can connect your existing ShopFactory 7 shop to your ShopFactory 8 GlobeCharge account, so that you can migrate your website when you have time available. You can use this order management account to manually approve credit card payments.
If you use this discount voucher:
cvc25special
before Novembet 30, we will cut your already heavily discounted upgrade price by an extra 25% - meaning you can get ShopFactory 8 and the added GlobeCharge security from as little as $10.85 or € 8.10 a month.
The advantage of this approach is that you will not have to make your own office, computer and computer network PCI compliant, as you are not storing any credit card details on your system. This will make complying with PCI issues the easiest, if you want to continue to manually accept credit cards.
2: Encrypt your orders with PGP or GPG
You can find information on PGP here: http://www.pgpi.org/ as well as on Wikipedia.
Information on GPG can be found here: http://www.gnupg.org/
GPG projects for different email clients and operating systems are listed here: http://www.vanheusden.com/pgp.php.
A GPG MS Office 2007 plug-in is listed here: http://www.cumps.be/gpg-in-outlook-2007-outlookgnupg/.
Please note that we have not tested these different solutions so do not know if and how they will work.
You use them at your own risk.
We are also providing free of charge a PGP Plug-in for SalesManager to help you encrypt orders here. If you have ShopFactory 8, download this upgraded SalesManager:
http://download.shopfactory.com/patchSM8_TT4684_shopfactory.zip.
If you have ShopFactory 7, download the latest version of ShopFactory 7 from our support website at www.support.shopfactory.com. If you have ShopFactory 6, check this website: http://sf7.santu.com/forums/viewtopic.php?f=20&t=4740. SalesManager can only work with emails received in the Inbox of your email client.
To use PGP with ShopFactory, you have to copy the public PGP key you are generating into ShopFactory when setting up your payment methods. See http://faq.shopfactory.com/article-57.html for more details.
The advantage of using PGP or GPG will be that it is freely available.
The disadvantage is that you will still have to make your office, computer and computer network PCI compliant. If you lose your private key you will not be able to decrypt your orders (nor will anyone else - so make sure to back-up your key). When you use PGP or GPG encryption, you will also no longer receive order notifications in HTML format, as we cannot format encrypted emails. Order notifications will then be text only.
We hope this information will help you address the requirement to secure your order notification emails.
3: Sign up with a supported real-time payment gateway which approves payments on your behalf
such as WorldPay or PayPal or others (see http://www.shopfactory.com/contents/en-us/d206.html for a list of providers)