Accepting Credit Cards

How do I add support for this?

The documentation is slightly confusing when it comes to credit cards. It does state that a payment gateway is required and recommends the use of PayPal, but how specifically would one allow payments to be processed using credit or debit cards without going through PayPal?

There's a setting in eCommerce, Use local payments, which when selected seems to have no impact on the payment gateway or form of payments accepted. I also noticed there's some profile fields relating to credit card information, but these fields are listed as 'unused'.

I'd like to use PayPal but also have the ability to take card numbers directly.

Hello,

You're asking about processing payments on-site ("local payments"), but as I think you're aware you'd still be using a payment gateway for it.

This is possible, but we do not have it implemented for PayPal. I think it's implemented for authorize.net.

There are two massive caveats:

1. you need to go through a long and complex PCI compliance process. You'll almost certainly need a dedicated server to be able to be able to answer in the affirmative for all the rules the credit card companies will insist on, and just writing up the report will take you a couple of days for an expert to do. I don't recall the exact process, but expect around 300 very technical questions. You'll need to write half a dozen process documents and submit them for approval.
2. The Composr developers only provide support for PayPal. We do have functionality for others (e.g. Authorize.net) but we won't be able to provide any support or debugging, except under paid tickets - even if things are broken out of the box. It's much too complex and change-prone to be able to support in a free product, a typical debugging session would take a senior programmer a couple of days, as they need to negotiate access to the API, set up a sandbox account, learn and debug the custom API, test things very carefully (as paying customers and money is involved), then deliver changes.

I wouldn't recommend this course for anyone who doesn't have a major investor on board, and willing to hire a programmer to tune things for them. Honestly, we're talking 5-figures bare minimum for a developer to want to be involved in all that – it's just far too complex and risky.

Gotcha. Well, please don't take this the wrong way – not that I would ever go with another CMS, there are applications (CMS as well as eCommerce solutions) that can do this and don't require the things you've stated, and, some I do believe are free.

But, I do understand what you're saying about not wanting to get involved.

I wasn't sure how processing credit card payments worked and always just thought it was a standalone system that didn't require such things as PayPal, but again this was always just my assumption.

Not a big deal. I can survive with PayPal

I can 100% guarantee that any system that has you typing in credit cards directly to your own website requires a PCI compliance audit. The software may not advertise it, and people may lie to their gateways about them doing it, but it's 100% required - the gateways will ask for it when you set up with them. The credit card companies won't authorise any sites to take the cards unless they go through the exhaustive vetting.

EDIT: Systems like Stripe may show on your website in a frame and would not require an audit, but that's not technically on your own website, as the frame runs from Stripe.