470,632 Members | 1,457 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,632 developers. It's quick & easy.

Credit card payments

What is the simplest way to implement credit card payments in a Microsoft Access VBA POS program?
4 Weeks Ago #1
4 12049
isladogs
354 Expert Mod 256MB
Don't do it!

No matter, how hard you try to implement security measures in Access, it really isn't secure enough to use with credit card information.
If (when?) there are data breaches, you could be personally liable
4 Weeks Ago #2
zmbd
5,446 Expert Mod 4TB
I absolutely agree with isladogs' Assessment that Access isn't secure enough to store credit card information persay...

So many venders out there that offer CC/DC processing for a very nominal fee, and many will also provide you with a free terminal, that you really should consider using them for the transactions and create your POS in Access to do your inventory and cash-register functions.

With that said, keep in mind that real-time credit card transactions require some very specific encoding from the terminal to the bank that simply isn't available directly within AccessVBA - you would need to find an API/DLL call, they're out there in the wild; however, I would be VERY uneasy using any of these files unless it came directly from the Banking institution.

Storing the CC number - I CANNOT STESS ENOUGH that you would absolutely have to encrypt every single CC/DC individually using something along the lines of Rabbit's AES example ideally using some sort of unique password for every record IN ADDITION to the normal password encryption offered by MSAccess - I would advise changing the default setting to use "strong encryption" and absolutely nothing older than MSOFFICE/MSACCESS-2013
>> KEEP IN MIND HERE >> IF you had a data breach, you could be potentially liable for several thousands of dollars in damages and fines
-IMHO: just don't do it - work with your financial institution or contact one of the Paypal, Square, etc... venders to help you setup a business account to handle the DC/CC - I just recently did this for a close friend for his business - Access for the inventory, invoicing, etc... and his Bank set him up with a POS chip-reader/printer for a really small monthly fee (and if he has over so-many transactions a month the fee is even waived)
4 Weeks Ago #3
NeoPa
32,301 Expert Mod 16PB
I hope that, by now, you no longer need further endorsement of the idea that handling POS directly from within an Access project is a concept to avoid like the plague (almost literally). Nevertheless, in case you do, I say "Don't even think about it". Like both of the other two experienced experts, and I'll be very happy for isladogs to post links here to his own work on this very subject, I am reasonably knowledgeable in these matters. Even I defer to isladogs as an expert and trainer in this field.
4 Weeks Ago #4
isladogs
354 Expert Mod 256MB
Following on from earlier comments, as @NeoPa indicated, I've done a lot of work on database security and know how to make an Access database as secure as its possible to do. For example, see my 3-part article: Improving Security in Access Databases. In particular, look at part 2. Notice I used the words "Improving Security...". That doesn't mean it is unbreakable.

If I was asked to create an Access database to handle credit card transactions, I would refuse the assignment. It just isn't safe.

@zmbd indicated the correct approach. Purchase a card reader designed specifically for the purpose which would handle all the security on your behalf. If that fails due to a data breach, the card reader supplier would be liable...not you.
4 Weeks Ago #5

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

4 posts views Thread by gl | last post: by
9 posts views Thread by nm | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.