Why isn't CC information stored in an encrypted format?

[zen7]

Credit card information is stored in a non encrypted format in the database. Should anybody hack the server and do a SQL dump they would have all the credit card numbers on the server?

 

If orders are viewed in the admin section of OS Commerce that data would be passed in an unencrypted format, so a packet sniffer could grab it, right?

 

Anybody have any suggestions on this?

Donovan

[rseigel]

Quite simple actually: don't use the credit card module.

 

Use paypal, 2checkout, authorize.net, any number of solutions out there that allow you to take credit cards without risking your customers cc numbers like this.

[thewitt]

If you run the admin module through an SSL link, a packet sniffer will not be able to pull out the credit card information.

 

-t