Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Emailing CVV rather than storing with CVV2 Version 2.1


Malvarlin

Recommended Posts

I have altered my copy of the mod to add the CVV code to the bottom of the extra info email that gets sent out rather than storing it in the database, am i right in assuming that I can do the latter part by altering the following line

 

'cc_cvv2' => (isset($HTTP_POST_VARS['cc_cvv2']) ? $HTTP_POST_VARS['cc_cvv2'] : ''),

to

'cc_cvv2' => '',

in /includes/classes/order.php

 

also

 

in cc.php if I add this

 

$message = $HTTP_POST_VARS['cc_cvv2'] . "\n\n";

tep_mail('', MODULE_PAYMENT_CC_EMAIL, 'Extra Order Info: #' . $insert_id, $message, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

 

after this

 

$message = 'Order #' . $insert_id . "\n\n" . 'Middle: ' . $this->cc_middle . "\n\n" . $HTTP_POST_VARS['cc_cvv2'] . "\n\n";

tep_mail('', MODULE_PAYMENT_CC_EMAIL, 'Extra Order Info: #' . $insert_id, $message, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

 

will it go in yet another seperate email altogether.

 

 

Thanks

Link to comment
Share on other sites

I could be wrong, but off the top I'd say emailing it isn't PCI compliant just as much as storing it in the DB is.

 

Email is even less secure (in my opinion) than putting it in your DB.

 

And if I'm wrong it won't be the first or last time that's been true...

:blush:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...