Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

order table - credit card (cc) field should be encrypted

vungoctan

By vungoctan
in General Support

Recommended Posts

vungoctan

vungoctan

Posted
Posted

Hi u guys,

 

How do u think that we should encrypt the number in the cc field in the order table...if we can see it through phpMyAdmin, and somebody else al so can see & do freud

 

now your turn,

 

thanks for your efforts

Guest

Guest

Posted
Posted

My client dont accept cc but from what i read in the forum .... when customers do put cc # part of the cc# comes in an email and the other part is in the database !!

dreamscape

dreamscape

Posted
Posted

if someone is able to gain access like that to your database, then I'm afriad you have bigger problems than just CC#'s being stolen.

The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke

Guest

Guest

Posted
Posted

in order to have the cc# split you need to specify the email address to have the middle part of the cc# to be sent to in the cc payment module in admin. It is advisable to have some sort of encryption on your email with the cc# in it.

 

cheers

barry

TB

TB

Posted
Posted

Are you serious!

 

Does the CC information get stored in my database! :? :?

 

If so...

 

How do I stop this from happening and what will be the effects of it?

Why does it need to be stored there?

 

Cheers,

Tony

"The price of success is perseverance. The price of failure comes much cheaper."

Guest

Guest

Posted
Posted

if you specify a split email address in the cc module then the cc number gets stored in the database with the middle 8 digits x'ed out

 

4000XXXXXXXX0002

 

the middle eight are not stored but sent to you via email when the order completes the checkout process.

 

other info such as the expiry date are stored but without the cc number are pretty useless.

 

For peice of mind as soon as you have collected the information from the email and the admin with regard to the cc details and have manually processed the payment i would delete the cc information from you database to keep in line with your privacy policy, thus minimising the effect of any unscrupulous individuals.

 

cheers

barry

Snowman

Snowman

Posted
Posted

Im working on encryption of the CC numbers for the CVV for cc.php module at the moment. I plan to make the module either encrypt the whole number or encrypt the part of the number that is stored in the database.

 

Of course storing you CC in a database is asking for trouble, but heaps do it...and even some of the big guys...(paysystems, amazon and others)

Guest

Guest

Posted
Posted

steve that sounds great, when do you estimate you'll have that ready?

 

just so i can look out for it.

 

cheers

barry

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...