
osCommerce


order table - credit card (cc) field should be encrypted


vungoctan


Hi u guys,

 

How do u think that we should encrypt the number in the cc field in the order table... if we can see it through phpMyAdmin, then somebody else can also see it & commit fraud.

 

now your turn,

 

thanks for your efforts


My client doesn't accept cc, but from what I read in the forum... when customers do put in a cc#, part of the cc# comes in an email and the other part is in the database!!


If someone is able to gain access like that to your database, then I'm afraid you have bigger problems than just CC#'s being stolen.

The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke


In order to have the cc# split, you need to specify, in the cc payment module in admin, the email address that the middle part of the cc# is to be sent to. It is advisable to have some sort of encryption on your email with the cc# in it.

 

cheers

barry


Are you serious!

 

Does the CC information get stored in my database! :? :?

 

If so...

 

How do I stop this from happening and what will be the effects of it?

Why does it need to be stored there?

 

Cheers,

Tony

"The price of success is perseverance. The price of failure comes much cheaper."


If you specify a split email address in the cc module, then the cc number gets stored in the database with the middle 8 digits x'ed out:

 

4000XXXXXXXX0002

 

The middle eight are not stored but sent to you via email when the order completes the checkout process.

 

Other info such as the expiry date is stored, but without the cc number it is pretty useless.

 

For peace of mind, as soon as you have collected the information from the email and the admin with regard to the cc details and have manually processed the payment, I would delete the cc information from your database to keep in line with your privacy policy, thus minimising the effect of any unscrupulous individuals.

 

cheers

barry
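
The split described in the post above, as an added PHP example that is not part of the original thread and is not osCommerce's own cc.php code. The function names are hypothetical and the card number is a constructed test value; the example goes beyond the 16-digit case by keeping the first four and last four digits of any 13 to 19 digit number.

```php
<?php
// Added illustration; function names are hypothetical, not osCommerce's cc.php.

// Luhn checksum: true when the digit string is a plausible card number.
function luhn_valid(string $digits): bool
{
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double && ($d *= 2) > 9) {
            $d -= 9;
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Returns the masked value for the orders table and the middle digits for email.
function split_card_number(string $input): array
{
    $pan = preg_replace('/[\s-]+/', '', $input);
    if (!preg_match('/^\d{13,19}$/', $pan) || !luhn_valid($pan)) {
        throw new InvalidArgumentException('not a valid card number');
    }
    $middle = substr($pan, 4, -4);
    $masked = substr($pan, 0, 4) . str_repeat('X', strlen($middle)) . substr($pan, -4);
    return ['db' => $masked, 'email' => $middle];
}

// Recombines both parts for manual processing and rejects mismatched halves.
function join_card_number(string $masked, string $middle): string
{
    if (!preg_match('/^(\d{4})(X+)(\d{4})$/', $masked, $m)
        || !preg_match('/^\d+$/', $middle) || strlen($m[2]) !== strlen($middle)) {
        throw new InvalidArgumentException('parts do not belong together');
    }
    $pan = $m[1] . $middle . $m[3];
    if (!luhn_valid($pan)) {
        throw new InvalidArgumentException('recombined number fails the Luhn check');
    }
    return $pan;
}

// Constructed test number (not a real card); only the masked form is stored.
$parts = split_card_number('4000 0000 0000 0002');
echo 'orders table: ', $parts['db'], PHP_EOL;
echo 'digits sent by email: ', strlen($parts['email']), PHP_EOL;
echo 'rejoined ok: ', var_export(join_card_number($parts['db'], $parts['email']) === '4000000000000002', true), PHP_EOL;
```

The Luhn check on recombination catches a masked record paired with the middle digits from a different order's email.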


I'm working on encryption of the CC numbers for the CVV for cc.php module at the moment. I plan to make the module either encrypt the whole number or encrypt the part of the number that is stored in the database.

 

Of course storing your CC in a database is asking for trouble, but heaps do it... and even some of the big guys... (paysystems, amazon and others)


Archived

This topic is now archived and is closed to further replies.
