Re-sending payment details using web site
AnnaHamilton
12-Nov-2008, 08:27 PM
Hi,
Forgive me if the answer to my query lies out there somewhere but I've done a number of searches and found nothing...
I want to provide a way for my customers to update their credit card information on an existing order(s) when they are issued with new card details.
Currently I request that the customer orders a single item from their original order and I transfer the new card details to their old order and I cancel the new order. This is a somewhat messy solution though and I would prefer to offer them a better way.
I know I can create a 'product' which could effectively be called 'update payment information' or something similar, but in order for the Actinic checkout process to request payment details the item must have a value of at least £0.01. Is there a way to force the checkout process to ask for payment details for a 'product' that has no value?
Or is there an easier way to accomplish what I am trying to do?
thanks for any help
Anna
Duncan Rounding
13-Nov-2008, 04:40 AM
Existing orders are encrypted and only available offline, so this is not possible.
You should also be looking at changing to a PSP and not maintaining your customers' card details yourself.
RuralWeb
13-Nov-2008, 06:08 AM
What you are doing is totally wrong and you risk losing your merchant account if your bank finds out. You need to switch to a PSP as Duncan says.
AnnaHamilton
13-Nov-2008, 06:24 AM
We use a PDQ machine, all orders placed are put through this manually when received as a 'customer not present' option, and since we also operate a subscription service, where the customer's total differs each month, we calculate the cost and then process the payment accordingly....
All I'm looking for is a method for customers to securely transmit new card details to us without it looking like they are having to re-purchase an item.
All customer details are held in line with PCI DSS. I don't understand why you think we are breaking any rules here?
Darren B
13-Nov-2008, 06:42 AM
> All customer details are held in line with PCI DSS. I don't understand why you think we are breaking any rules here?
Have you been audited to see if you comply with PCI-DSS? Actinic is not PCI-DSS compliant, so would be interested to know how. https://www.pcisecuritystandards.org/
If you went to Actinic Payments then you can recharge the customers' cards each month without knowing the details. You would need V9 though.
RuralWeb
13-Nov-2008, 06:42 AM
You need the cardholder's permission to save their details and this is not in your terms and conditions.
AnnaHamilton
13-Nov-2008, 06:51 AM
Darren B - no we haven't been audited, but I have made sure everything is in line with the standards, I did not realise that Actinic is not PCI-DSS compliant. I am looking to upgrade to Actinic 9 in the next few months but I don't want to pay for another service provider when we already have a system in place.
RuralWeb - that agreement is reached when we contact the customer about their subscription via email - but I will add this information to our terms and conditions on your suggestion.
I appreciate all this advice, thank you :)
Duncan Rounding
13-Nov-2008, 07:11 AM
> ...I did not realise that Actinic is not PCI-DSS compliant...
It's not for Actinic to be compliant but your own computers and processes. It's more the protection of the data than the method of collecting it that's the issue.
Per your original post though - it's not possible anyway to do what you want online.
AnnaHamilton
13-Nov-2008, 07:15 AM
> It's not for Actinic to be compliant but your own computers and processes. It's more the protection of the data than the method of collecting it that's the issue.
In which case I'm certain that we meet all the criteria, but I am looking into the self assessment now.
> Per your original post though - it's not possible anyway to do what you want online.
drat :(
RuralWeb
13-Nov-2008, 07:26 AM
Scanmetrics do require changes to be made to a v7 site for it to be compliant, so find the posts by Gavin, who did this a few months ago. As Darren says though, your best bet is to upgrade to v9.
AnnaHamilton
13-Nov-2008, 07:50 AM
> Scanmetrics do require changes to be made to a v7 site for it to be compliant, so find the posts by Gavin, who did this a few months ago. As Darren says though, your best bet is to upgrade to v9.
thanks, I'll have a look.
Darren B
13-Nov-2008, 07:54 AM
Take a look at this document - page 15 gives you an idea: https://www.pcisecuritystandards.org/pdfs/pci_dss_saq_instr_guide.pdf
Self assessment really is not the way, it will cost you if you intend to store the card details.
AnnaHamilton
14-Nov-2008, 06:39 AM
> Take a look at this document - page 15 gives you an idea: https://www.pcisecuritystandards.org/pdfs/pci_dss_saq_instr_guide.pdf
> Self assessment really is not the way, it will cost you if you intend to store the card details.
Thanks Darren, I'm trying to get all this sorted now.