ProductCart E-Commerce Solutions Homepage
Forum Home Forum Home > ProductCart > Using ProductCart
  New Posts New Posts RSS Feed - Why PC stores credit card numbers?
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Why PC stores credit card numbers?

 Post Reply Post Reply
Author
Message
plezaic View Drop Down
Newbie
Newbie


Joined: 05-December-2007
Status: Offline
Points: 0
Post Options Post Options   Thanks (0) Thanks(0)   Quote plezaic Quote  Post ReplyReply Direct Link To This Post Topic: Why PC stores credit card numbers?
    Posted: 24-December-2007 at 3:13pm

Does anyone know why is PC storing credit card number and expiration date? Once this info is sent to authorize.net it is no longer needed. It is a huge security issue and I can't imagine sitting there 24/7 babysitting shopping cart and purging the numbers every time the order comes in. Can it be stopped from storing the credit card number?

Thanks,
Predrag

Back to Top
ProductCart View Drop Down
Admin Group
Admin Group

ProductCart Team

Joined: 01-October-2003
Status: Offline
Points: 135
Post Options Post Options   Thanks (0) Thanks(0)   Quote ProductCart Quote  Post ReplyReply Direct Link To This Post Posted: 24-December-2007 at 3:43pm

Credit card numbers are stored only if the payment gateway is set to "Authorize Only". Credit card information is never stored when the payment gateway is used in "Sale" mode (or "Authorize & Capture"). That is, it is saved only when strictly necessary to allow the correct processing of the authorized order.

Specifically, credit card numbers are kept in the database, in an encrypted format, to allow for the "Order Edit and Batch Process" feature, which allows advanced order processing to dozens and dozens of busy ProductCart stores.

- An order is received (authorized)
- The order is reviewed for accuracy and legitimacy
- The order is edited (if needed)
- The order is processed (together with any other orders that are ready to be processed), and the correct amount is captured (if the order has been edited).

The CVV code is never stored, and the above is in full compliance with the PCI standards.

Since you are logging into the Control Panel every day, you should indeed purge the numbers for any orders for which they are no longer needed. We will look at automating this task in the future.



Edited by earlyimp - 24-December-2007 at 3:49pm
The ProductCart Team

Home of ProductCart shopping cart software
Back to Top
plezaic View Drop Down
Newbie
Newbie


Joined: 05-December-2007
Status: Offline
Points: 0
Post Options Post Options   Thanks (0) Thanks(0)   Quote plezaic Quote  Post ReplyReply Direct Link To This Post Posted: 24-December-2007 at 4:24pm

ok, that makes sense. Can I have the option in the future version to disable storing of the credit cards please? Maybe a note that this will disable "Order Edit and Batch Process" feature?

Shouldn't this be mentioned on this page?

About Purging Credit Card Numbers

ProductCart saves credit card information to the store database, in an encrypted format, only in the following three scenarios:

  • When you are using offline credit card processing
  • When you are using Authorize.Net in "AUTH_ONLY" mode
  • When you are using PayPal Payflow Pro in "Authorization" mode ...
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.04
Copyright ©2001-2021 Web Wiz Ltd.

This page was generated in 0.062 seconds.