Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Orders: Emails do not have credit card numbers?


Recommended Posts

Sorry for the newbie question...but I just got OSC working and looking pretty good.


When I test some orders, I get an email with only the middle numbers and another email with the order information with the outside numbers with xxxxxxxs in the middle.


I am guessing that I need an SSL certificate to get the proper email with the complete order information -- meaning the entire credit card information.


Here is my site


Thanks much for you help.


Bill :D

Link to comment
Share on other sites

Here is the way it normally works, assuming you are using the default Credit Card module.


All the information, including the full credit card number, is stored in the database for you to retrieve with the admin panel. The store owner gets no e-mail.


If you set the "Split credit card e-mail" option for the Credit Card module, the designated address gets an e-mail containing only the order number and the middle digits of the CC number. The rest of the order details, including the CC number with the middle digits Xed out, are stored in the database.


If you set the "Send extra order e-mail" option, then the designated address gets a copy of the acknowledgement sent to the customer.


I can't see how you are getting an e-mail with the rest of the CC number.


You do not need your own SSL certificate, but you certainly want to use SSL for the parts of the site where customer personal information is entered. This can use shared SSL. You don't have that set up and it will make a lot of customers decide not to shop with you, as most web users have been taught to insist on seeing the SSL padlock when entering personal info.


Now, since you so kindly left your admin wide open, I can see that you have selected both authorize.net and the default Credit Card option. You don't want both. If you are using authorize.net, disable the Credit Card module. I am not familiar with the use of authorize.net, but I would expect that with this you would have to log in to their system to see the credit card details and would not get an e-mail.


I strongly recommend that you establish password protection for your admin area and change all your passwords.

Link to comment
Share on other sites

Are you able to install an SSL yourself via your Control Panel? If you are you would still need your hosting company to reboot the httpd config files to complete the install, and they may not want to do this for an ssl you installed yourself.


By the way, you'll also need for your site to be IP based and not name based to use a full ssl. This will be an additional cost.



Thanks for your help Steve. I got it all sorted out now. Finally, all of the light bulbs have turned on (at least all I can see now LOL)


I will add the SSL next week.

Link to comment
Share on other sites

My current host doesn't allow for user SSL certs, so I use their free shared SSL. For my store, that's perfectly adequate.


Vger, I don't understand your comment about needing to be "IP based" in order to use an SSL certificate. Do you mean that the domain has to have a unique IP? If so, that isn't true.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...