Does anyone know why is PC storing credit card number and expiration date? Once this info is sent to authorize.net it is no longer needed. It is a huge security issue and I can't imagine sitting there 24/7 babysitting shopping cart and purging the numbers every time the order comes in. Can it be stopped from storing the credit card number?

Thanks,
Predrag

Credit card numbers are stored only if the payment gateway is set to "Authorize Only". Credit card information is never stored when the payment gateway is used in "Sale" mode (or "Authorize & Capture"). That is, it is saved only when strictly necessary to allow the correct processing of the authorized order.

Specifically, credit card numbers are kept in the database, in an encrypted format, to allow for the "Order Edit and Batch Process" feature, which allows advanced order processing to dozens and dozens of busy ProductCart stores.

- An order is received (authorized)
- The order is reviewed for accuracy and legitimacy
- The order is edited (if needed)
- The order is processed (together with any other orders that are ready to be processed), and the correct amount is captured (if the order has been edited).

The CVV code is never stored, and the above is in full compliance with the PCI standards.

Since you are logging into the Control Panel every day, you should indeed purge the numbers for any orders for which they are no longer needed. We will look at automating this task in the future.

ok, that makes sense. Can I have the option in the future version to disable storing of the credit cards please? Maybe a note that this will disable "Order Edit and Batch Process" feature?

Shouldn't this be mentioned on this page?

About Purging Credit Card Numbers

ProductCart saves credit card information to the store database, in an encrypted format, only in the following three scenarios:

• When you are using offline credit card processing
• When you are using Authorize.Net in "AUTH_ONLY" mode
• When you are using PayPal Payflow Pro in "Authorization" mode ...