TOPIC: Security

I am hoping to use DT Donate soon, but a friend of mine has concerns over the security. He is a professional Java/PostGres guru and I trust his advice. Because he does not know PHP/Joomla, he would like to build a Java donation app for me. That way, he can verify the security of the server/database/app. It's not that he thinks DT Donate is NOT secure, but simply that he doesn't know. I do not know enough about PHP/Joomla to accurately comment on it. And it's also a hosting issue too. Can you help me understand how DT Donate works from a security standpoint so I can talk intelligently about why this should not be a concern? My assumption is that the security of the component is more likely related to the security of Joomla, my host and the db. Not DT Donate.

Hello. You are correct. There are no security concerns with DT Donate. No credit card or other payment information is stored in your joomla database so you need not worry about the security of that. If you use Community Builder and you choose to integrate DT Donate with it, user will have the OPTION to save their payment info for future use. If they do so, it is encrypted and then stored in the database. However, you do not have to integrate with CB if you want to avoid that option all together. Regarding the security of the transaction itself, if you are using PayPal, the actual payment is made through the PayPal site and THEIR SSL so you have no secure concerns there. If you are using Authorize.net payments, you should have a SSL certificate for your website domain name. With that in place, your transactions that take place within your own website will be secure. If you have other questions, let us know. Thanks.

dtadmin,
I notice that your company uses the auth net gateway for processing transactions on this site. For those of use without SSL it would be nice to have the option to be redirected to auth net page for entering the CC #.
Is this feature available or will it be made available?
Thanks!

Yes, this would be a good feature. We do not have a date for when this will be available, but we do intend on adding this function as soon as possible. Thanks.

I have just installed DT Donate, and am still poking around. I too am concerned about the security issue -- we are a political party and have been using simple checkout on authorize.net for about a year and a half. I am concerned about credit card information being stored on our host. Sounds like we need a SSL certificate. Also, it looks like the option to have information retained is included even without CB, since I am not using it.

The option to store payment data should not show if you CB integration is turned off in the settings of DT Donate. The data would be stored in the CB profile fields that would be created by DT Donate in the install process. If you do not have CB, then these fields won\'t even exist... so info would not have a place to be stored. The DT Donate database tables have no place to store it. If you ARE saving the data with CB, it IS encrypted. You can\'t just look in the database and see the credit card numbers. It\'s not readable. Anyway, hope that helps you understand a bit.