
osCommerce

The e-commerce.

Delete Credit Card "Number exp.date"


syscon


Posted

Is there any contribution that will let me delete the credit card "number & exp. date" after the transaction is processed (for security reasons)?

For now I use phpMyAdmin, but it would be faster if I could just press a button and delete this information.

 

#Joseph


Posted

I'm not sure how many are aware of this, but storing the card number in the database will, for most merchants, automatically make them in violation of Visa/MasterCard regulations. As of Sept 30th the new security regulations from Visa and MasterCard are now mandatory. For more information do a Google search for visa CISP. Basically anyone transporting or storing card numbers is subject to compliance (and fines if found not in compliance), but only larger operations that store large numbers of credit cards are subject to mandatory auditing (at their expense of course).

 

It will be a while before Visa and MasterCard start to take a close look at shopping cart systems; right now they are concentrating on payment service providers. However, it might be a good idea to take a look at the CISP auditing procedures and do what can be done to make osCommerce compliant. The bummer is you have to have an approved outside auditor do the security audit before you can claim CISP certification. The certification can run anywhere from $5,000 to $50,000 depending on who you go with. Actually being in compliance without the certification wouldn't be a bad thing though, and it's not that difficult. For an application, the main things are that the card numbers are stored encrypted, preferably with public/private key encryption. Minimum password lengths and automatic password expiration are also required. The rest mostly pertains to the firewall and written policies maintained by the party hosting the application.

 

Chris
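
One way to do what the first post asks, as an added example that is not part of the thread and not osCommerce's own code: a routine that masks the stored card number down to its last four digits and clears the expiry date for orders that have reached a processed status. The column names are assumed to follow the osCommerce 2.x `orders` table, status id 3 is an assumed "processed" status, the function name is hypothetical, and an in-memory SQLite database with constructed rows stands in for the shop's MySQL database.

```php
<?php
// Added example. Assumed schema: orders(orders_id, orders_status, cc_number, cc_expires).
function scrub_card_data(PDO $db, int $processedStatus): int
{
    $db->beginTransaction();
    try {
        // Only rows that still hold an expiry date or an unmasked number.
        $select = $db->prepare(
            "SELECT orders_id, cc_number FROM orders
             WHERE orders_status = :status
               AND (cc_expires <> '' OR (cc_number <> '' AND cc_number NOT LIKE 'X%'))"
        );
        $select->execute([':status' => $processedStatus]);

        $update = $db->prepare(
            "UPDATE orders SET cc_number = :masked, cc_expires = '' WHERE orders_id = :id"
        );
        $count = 0;
        foreach ($select->fetchAll(PDO::FETCH_ASSOC) as $row) {
            $digits = preg_replace('/\D/', '', $row['cc_number']);
            $len = strlen($digits);
            // Keep the last four digits for order lookups; mask everything else.
            $masked = $len > 4
                ? str_repeat('X', $len - 4) . substr($digits, -4)
                : str_repeat('X', $len);
            $update->execute([':masked' => $masked, ':id' => $row['orders_id']]);
            $count++;
        }
        $db->commit();
        return $count;
    } catch (Throwable $e) {
        $db->rollBack(); // leave the table unchanged if any row fails
        throw $e;
    }
}

// Constructed sample data: order 1 is processed (status 3), order 2 is still pending.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE orders (orders_id INTEGER PRIMARY KEY, orders_status INTEGER,
                                cc_number TEXT, cc_expires TEXT)");
$db->exec("INSERT INTO orders VALUES (1, 3, '4111111111111111', '0609'),
                                     (2, 1, '4111111111111111', '0609')");

echo scrub_card_data($db, 3), " order(s) scrubbed\n";
foreach ($db->query("SELECT * FROM orders", PDO::FETCH_ASSOC) as $r) {
    echo implode(' | ', $r), "\n";
}
```

The function only changes the live table; copies of the card data in database backups or dumps are outside what it touches.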
