Update September 2015

This article was originally written in sometime in the Naughties. In recent years we've had far fewer requests to store creditcard details on servers than we used to, so it seems the message is getting thought to clients. That said, the points it make are as valid today as they were then.

Introduction

Jomres is capable of using multiple different payment gateways. By default it comes with Paypal and Cheque which outputs the property's address details for paying by cheque.

Gateways in Jomres

As said before, Jomres comes with Paypal by default, but it can use others. You could create your own but it takes time and requires that you understand how the individual payment service's API works, so the better option is to purchase one, ready made. A company called OSDCS creates gateway plugins for a variety of different Joomla components including Jomres and to date they have 46 different gateways for Jomres.

Making your own gateway

This isn't a discussion on making gateways, there are too many differences between gateway services to be write a generic set of instructions. If, however you do want to create your own you should refer to the Gateway Aide Memoire which lists each of the files in a gateway and what they do.

 

Storing creditcard information in Jomres

Regarding storing creditcard details on your own server, I'll quote myself from the forums:

We think it's an extremely bad idea to store creditcard details on your server for security reasons.

Apologies to those who'd like to store card details on their servers, but it's not unusual for servers to be hacked and it's just too risky to store that information on your own box.

Use a payment gateway, send the request to a PCI Compliant gateway service, let them worry about something that you're extemely unlikely to be an expert in : server and data security.

 

"The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data."

The Real Cost of Data Breach

"the U.S. National Archives & Records Administration reports 50% of businesses that lose their critical data for 10 days or more have to file for bankruptcy immediately."

"you might think that at least small merchants are safe because hackers and thieves only target big businesses with high sales. Unfortunately, you’d be wrong. Thieves know that large businesses have the resources to spend on sophisticated security systems and instead target smaller merchants where security is likely to be less effective."

"The bottom line? The cost of a data breach for a Level 4 merchant averages $36,000 and can be as high as $50,000 (or more). In other words, more than enough to cripple—or even destroy—a small business."

 

Please, if you can, talk your clients out of it, try to convince them that it's smarter to use a payment gateway.