DPS Payment Express

Hi,

I am relatively new to Squiz, but need to set-up the payment gateway using DPS for NZ.

From what I can see on the asset when creating the payment, all data, including the CC number is entered on the client side, in Squiz.

I do not think that this is a good practice, it should be collected only on DPS side of the process, we should only pass the order details but CC number and processing should be done on DPS side of the transaction. Or I am looking into wrong place?

I've implemented DPS before, with PHP - not using Squiz, using my own code and all CC validation and processing was done on DPS side, I didn't need to worry about security and SSL...

Can somebody please explain how this works in Squiz, as in docs there is only explanation how to set up form fields.

We are using version 5.1.4.1

Thanks

Hey, AFAIK, the DPS payment was developed a long time ago with the requirement that Matrix was capturing but not storing any data and just passing it through as a POST. I agree that it's probably not best practice to do that as you would then need your site under HTTPS (which it should be regardless) but also probably hosted on a PCI compliant server. So far we haven't had any further requests to actually develop a new version of this payment gateway but if we did, we probably would do it in a similar way to others where we either iframe the CC capturing step in or redirect them to the Payment Gateway and do it there, that is off course, if the payment gateway supports it. And perhaps at the time when the DPS feature was first added in Matrix, this was the only way they supported integration?