Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Split card a bit -- 'random'


Recommended Posts

I'm finding the CC split-card facility to be a bit inconsistent.


Sometimes it takes out the middle 8 digits, sometimes the middle 10, and sometimes none at all (nothing gets e-mailed when that happens).


I can't see how that could possibly happen - but it does. I also can't see any kind of pattern. Anyone else had that kind of experience? Any idea what the solution is?


-- Jason

Link to comment
Share on other sites

It's getting a bit lonely in this thread. At least I have found the problem and the solution. I would expect this to be a problem for other UK and Australian operators.


I am accepting Switch cards, which can be 16, 18 or 19 digits long. I am also storing the cards in encrypted form (it's actually more a ciphor then full encryption).


The ciphor maps each digit to two digits in the encrypted form. So an encrypted credit card number is 32, 36 and 38 digits long. Unfortunately the order table only allows for 32 digits, so the remaining are getting siliently discarded.


I have increased the size of the [osc_]orders.cc_number field from 32 to 40 characters, and it all works fine now. All CC types are accepted and the correct number of digits are being blanked out and e-mailed.


It is not the middle eight digits that are blanked out. It is actually all but the first four and the last four. It happens to be the middle eight if the credit card number is 16 digits long to start with.


Anyway - sorted.


-- JJ

Link to comment
Share on other sites

Top job for sorting that out, I will be making the same change to my DB. Sounds like this should be implemented on install rather than a modification to DB structure





Contribs Written: Nochex APC Payment Module, Cheque Payment Module

Contribs Updated: Information Pages Unlimited, Latest News V1

You've gotta be Quick on the Draw in this game!

Link to comment
Share on other sites

I would have raised it as a bug, but since the Switch cards are not a part of the base install, there is no real bug.


A work-around, without changing the table, is to switch off credit card encryption. Since the middle digits are stripped out anyway, and you won't be leaving the card details on the database for long, it's probably not too much of a security risk.


The update should only take a few moments. The structure doesn't change - just the length of a table column (I know what you meant though).


Now to go contact those customers and get them to send me the last digits of their card again...


-- JJ

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...