Why PC stores credit card numbers?

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Does anyone know why is PC storing credit card number and expiration date? Once this info is sent to authorize.net it is no longer needed. It is a huge security issue and I can't imagine sitting there 24/7 babysitting shopping cart and purging the numbers every time the order comes in. Can it be stopped from storing the credit card number?
Thanks,
Predrag

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
plezaic Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 05-December-2007 Status: Offline Points: 0	Post Options Post Reply Quote plezaic Report Post Thanks(0) Quote Reply Topic: Why PC stores credit card numbers? Posted: 24-December-2007 at 3:13pm
	Does anyone know why is PC storing credit card number and expiration date? Once this info is sent to authorize.net it is no longer needed. It is a huge security issue and I can't imagine sitting there 24/7 babysitting shopping cart and purging the numbers every time the order comes in. Can it be stopped from storing the credit card number? Thanks, Predrag

ProductCart Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group ProductCart Team Joined: 01-October-2003 Status: Offline Points: 135	Post Options Post Reply Quote ProductCart Report Post Thanks(0) Quote Reply Posted: 24-December-2007 at 3:43pm
	Credit card numbers are stored only if the payment gateway is set to "Authorize Only". Credit card information is never stored when the payment gateway is used in "Sale" mode (or "Authorize & Capture"). That is, it is saved only when strictly necessary to allow the correct processing of the authorized order. Specifically, credit card numbers are kept in the database, in an encrypted format, to allow for the "Order Edit and Batch Process" feature, which allows advanced order processing to dozens and dozens of busy ProductCart stores. - An order is received (authorized) - The order is reviewed for accuracy and legitimacy - The order is edited (if needed) - The order is processed (together with any other orders that are ready to be processed), and the correct amount is captured (if the order has been edited). The CVV code is never stored, and the above is in full compliance with the PCI standards. Since you are logging into the Control Panel every day, you should indeed purge the numbers for any orders for which they are no longer needed. We will look at automating this task in the future. Edited by earlyimp - 24-December-2007 at 3:49pm
	The ProductCart Team Home of ProductCart shopping cart software

plezaic Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 05-December-2007 Status: Offline Points: 0	Post Options Post Reply Quote plezaic Report Post Thanks(0) Quote Reply Posted: 24-December-2007 at 4:24pm
	ok, that makes sense. Can I have the option in the future version to disable storing of the credit cards please? Maybe a note that this will disable "Order Edit and Batch Process" feature? Shouldn't this be mentioned on this page? About Purging Credit Card Numbers ProductCart saves credit card information to the store database, in an encrypted format, only in the following three scenarios: When you are using offline credit card processing When you are using Authorize.Net in "AUTH_ONLY" mode When you are using PayPal Payflow Pro in "Authorization" mode ...