Hi Gary,

I'm having a look at the Eway gateway. I'm hoping to be able to use the Eway hosted payment page because I haven't got SSL on my system and don't intend to. However, I note that the module asks for credit card details on the payment method selection page. Does that mean it's expecting to process the payment from within the portal, or does it somehow send the data through to the hosted payment page in the background?

Thanks for any info on this
Rob

Yes, it send the data in the back ground, we do not process the payments by this module.

Thanks for the reply Gary.
So does that mean it's ok if the portal is not on ssl?
Rob

Rob,

The module itself does not require SSL, however, you may need to check with client to comply with their security requirements.

Hi Gary, sorry to bug you on this one again... I'm still unsure about it.

What I'm trying to figure out is if the web page that the payment module resides on has to be ssl-secured in order to comply with any banking or Eway rules. The portal client is only concerned with external compliance. There are no internal rules or requirements to have SSL on the site.

With the PayPal provider it's clear that the module doesn't collect credit card information before going to the payment page, and therefore the module page does not have to be running under SSL.

But with the Eway provider, the module collects the credit card number before going to the Eway payment page. Surely that means it transmits the information un-secured over the internet? I was fairly sure that that isn't allowed by the credit card companies?

Let me know what you think about it.

Regards,
Rob

Rob,

In this case, you may want to use PayPal Web Standard instead of Eway?

For Eway, the module supports SSL for the Payment page though, so the only thing you need to consider is to have your server supporting SSL as well...

Thanks.

Ok yep, thanks for the reply. That's pretty much as I'd have thought.

I've been avoiding getting SLL on the server because I just run one application with multiple domains pointed to it and I understand I'd have to set up additonal IIS applications for any portal that needed SSL.. it's all a pain so I simply try and use hosted payment pages instead.

I'll look into it and make a decision.
Thanks
Rob

Sure...