This may be a rookie question, but I was just wondering about security. Will I need to purchase an SSL certificate to use this module without risk of leaking sensative credit card information?

Are there any other security precautions that I should take before enabling the module?

Thanks a lot,
-Josh

Comments

artis’s picture

artis commented

An SSL cert is critical for any site taking credit card info. While not "required" by the module, any merchant account including QBMS will require an SSL cert to process. If they catch you processing without a cert they could revoke your merchant account.

jerry’s picture

jerry commented

Will I need to purchase an SSL certificate to use this module without risk of leaking sensative credit card information?

Yes. You'll need to use something like Secure Pages or Ubercart SSL to ensure that the payment pages use HTTPS, or else configure the entire site to do so.

Are there any other security precautions that I should take before enabling the module?

In terms of security, it's similar to the familiar bundled Authorize.Net AIM module. As the Drupal site receives and transmits CC information, it will require PCI DSS SAQ C.

jerry’s picture

jerry commented

(oops, artis slipped in ahead of me there)

artis’s picture

artis commented
Status: Active » Closed (works as designed)

Great addition, jerry. Thanks.

Marking as closed, works as designed.

JoshOrndorff’s picture

JoshOrndorff commented

I saw that Intuit has something called Hosted Pay Page that is similar to paypal WPS.

https://ipp.developer.intuit.com/0085_QuickBooks_Windows_SDK/qbms/0010_H...

Is there any chance of integrating that with drupal? What would it take to sponsor that development?

-Josh