Folks, Does any one know how to the solve the following use case: 1. I want customers coming to my physical store to be able to order something from our website it that item is Out of Stock in the store. 2. The order would be placed on an ipad where I would open our website and allow them to place order to ship that item to their home. 3. I want to collect the payment on the website in the regular checkout flow. How can I make customer give me their credit card information on this ipad while being PCI compliant?
Why I am getting a wrong feeling about this thread If they come to your physical store then why they will go for online purchase? They can use their debit / credit card upfront right? Why do you want them to show CVC and Expire date? Sounds really stupid.
The need to do that is when they come to the store but dont find something in stock. I dont want customers to leave dissapointed. I would rather place an order for them from my website (where inventory positions are better) and have it shipped to them for free.
In that case, you can have a secure place/room where your clients can order through their cards. Inside that place there should be no CCTV or hidden camera but you can have one installed outside that place just to make sure someone is not stealing your ipad or laptop! I still think asking them to order through your website from your physical store is not a good idea. Instead you can give them your visiting card and ask them to order when they get back home.
I would recommend having staff order it online for the customer. I've seen large chains do that and a lot of similar stores have kiosks in the store from which customers can order Out of Stock items. But if you're set on having the customer order from the store, the best way to do it is to have the staff order it for them. It also adds a layer of 'we care' to your frontline!
Omnichannel- The idea is sound. Let's make sure we're on the same page: You want them to shop online, pay online as usual. If the ecommerce solution is PCI compliant, then the customer should checkout as usual- it doesn't matter if it's a computer or an iPad, if it's in your store or across the country. Someone is already taking phone orders and processing payments made online so managing computers, networks, etc is already in your PCI scope. So the question seems to be whether YOU or CUSTOMER key enters the payment information (swiping is another conversation). Perhaps you're putting the item in the cart etc. Is there a reason the customer can't enter the payment data when you get to that point in checkout? This would be the best practice. It's not against PCI to ask for the card, after all, merchants are supposed to check the signature on the card to the signed receipt, but it would be safer. To protect from prying eyes, get a privacy screen protector http://solutions.3m.com/wps/portal/3M/en_US/3MScreens_NA/Protectors/