This module supports all standard payment actions. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without breaking PCI compliance.
The first time a customer checks out, they are given a form to enter credit card details. If they choose to save the card, next time they check out they can reuse that card with a single click. Your customers can also view, add, edit, and delete any of their stored payment info through a 'Manage My Cards' interface in their account. All frontend features are also available in the Magento Admin Panel.
- Pay by credit card
- Save credit cards (tokens) for reuse
- Add, edit, and delete saved payment data
- Edit orders and reorder, without having to ask the customer for CC info again
- Authorize, Capture, or Save CC Info (without charging) at time of checkout
- Capture funds even after the authorization expires
- Partially invoice orders (including reauthorization on partial invoice)
- Partially refund (online credit memo)
- Require CCV code when adding a card, or with every purchase
- Validate billing address with Address Verification (AVS)
- Integrate your systems thanks to Magento API support
- Use a different First Data account for each website (multi-store support)
- Supports ParadoxLabs Adaptive Subscriptions extension
Stored payment info is good for your business and customers.
- It simplifies checkout.
- It encourages customer loyalty.
- It streamlines order management and integrations.
- It lets your staff quickly process orders and billing changes, without needing customers to repeat their credit card info.
All frontend features are available in the admin panel. This means admins can view, add, edit, and delete customers' stored cards, and place orders using them.
When editing an order, you can reuse the payment info, even for guest orders.
All communication with First Data is performed with TLS encryption, and no confidential cardholder data is ever stored on your own server. A process called tokenization is used to run transactions with stored payment information. This lets your customers pay with a 'saved' card that's not on your server at all.
PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, policies, processes, regular security scans, other payment methods offered, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't store or log confidential cardholder data, or do anything else that would bring you under scrutiny.
This payment method falls under the scope of PCI Self-Assessment Questionnaire D (SAQ D).
For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).
In addition, First Data offers a PCI Rapid Comply solution as part of their Merchant Services, which includes guidelines and support to help you complete the annual SAQ.