Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Encrypting credit card data


Guest

Recommended Posts

Apparently California has enacted a law requiring that all e-commerce companies selling in California (all of us) must encrypt any credit card information stored in any database.

 

Does anyone know a plug-in that will enable this sort of credit card encryption?

Link to comment
Share on other sites

I have just installed today's (May 6) snapshot. Encryption does not seem to be working.

 

When I look directly in the orders table cc_number field, the data is NOT encrypted.

 

What is more, when I view orders remotely, the connection is via http not https. Since I can also view the CC number this way, this means that the CC number is being transmitted over the internet un-encrypted.

Link to comment
Share on other sites

Encryption will work if you have a SSL certificate and the right path in both your catalog and admin includes/configure.php files

 

HTH

The_Bear

Link to comment
Share on other sites

Are you using the stock OSC CC.php payment module ? Take the burden off yourself.

 

-Get an SSL Cert (they're cheap!)

-Signup for a payment gateway service (2co, bluepay, authorize.net, etc) - Let them handle the burden of storing credit card info..

 

Good luck ;)

Link to comment
Share on other sites

In catalog/includes/configure.php, I have ENABLE_SSL = true. Although orders do take place via SSL (and https), the CC number is still stored in the database unencrypted.

 

What configuration paramenters must I set to have the CC number stored in the database in an encrypted format?

Link to comment
Share on other sites

I'm pretty sure that stock Osc does not encrypt CC numbers etc whether using SSL or not.

 

There is a contribution which does do so however, released the other day. Check the contributions area, as I don't personally use it so it might not be exactly what you are looking for.

Link to comment
Share on other sites

If you enter an emailaddress in the cc.php modulesettings in your admin. The creditcardnumbers are only partially stored in your database. The missing digits are emailed to you.

 

Although the part in the db is still not encrypted, it isn't a cc-number anymore without the emailed missing digits.

Greetings from Marcel

|Current version|Documentation|Contributions|

Link to comment
Share on other sites

Yeah... my mistake... was something else I had looked at that encrypted the numbers.... sorry for the confusion :oops:

Link to comment
Share on other sites

  • 3 weeks later...

Any word on the cc encryption?

 

Sorry, I am a newbie, and have searched for cc encryption, in the contributions section also, and can not find out whether or not cc encryption will work or not with oscommerce.

 

If someone knows, please give me a link here.

Thanks!

 

Starkness

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...