Author Topic: Credit Card Shown on Admin  (Read 8680 times)

Brandon Steiger

  • Beginner
  • Posts: 5
Credit Card Shown on Admin
« on: February 23, 2005, 04:13:16 am »
I have read all of the posts about how the credit card number is stored via an encoded method in the db and then displayed on the site using an Encoding Key.

However, I am still concerned about this security, for multiple reasons:

1) If someone was able to hack in they could get the Encode Key

2) If someone was to hack in they could see the code in the php to figure out how to extract the CC Numbers

3) I am paying Authorize.net to hold all of my CC Numbers where they have round the clock security

4) This puts me as a developer in a huge liability

I have seen how to not display the CC Number in Admin, but I feel that is not enough.

Is there a way that it could be programmed to not keep the CC number and just pass it forward to Authorize.Net?

I just feel that this method of security is asking for potential problems.

thanks,
bjs

Matmon

  • Beginner
  • Posts: 25
Re:Credit Card Shown on Admin
« Reply #1 on: February 23, 2005, 15:53:16 pm »
A good point, especially considering companies like Visa are soon going to require that you Do Not store CC numbers on your server unless you're certified by them to do so (which I understand is very hard).

soeren

  • Guest
Re: Credit Card Shown on Admin
« Reply #2 on: February 25, 2005, 08:19:49 am »
We could build a configuration switch for whether the store owner wants to store CC information or not...

ciao, Soeren

schmutly

  • Beginner
  • Posts: 26
Re: Credit Card Shown on Admin
« Reply #3 on: December 04, 2005, 14:34:28 pm »
I've posted this a few times already but I'm posting it here too.
Surely it's not too hard (I can't... but...) to implement a button in admin/orders where, once you've processed the order (manually too, of course), you click the button link that remotely runs a script (after you've input your username/password for phpMyAdmin / the mos_db you're using) and deletes the data in the following three tables of the database, namely... delete the credit card information from the table "jos_vm_order_payment" (or mos_phpshop_order_payment), fields 'order_payment_number', 'order_payment_name' and 'order_payment_expire' for each order.
That way the CC is gone, and it means the next time the customer shops they'll need to input CC info again, which they HAVE to anyway.
I've been able to manually go into phpMyAdmin and delete the info (except for the 'order_payment_number'... help!!!!)
But I'm sure Soeren could do it. It would be a GREAT boost for VirtueMart... allowing manual transactions and being able to delete CC info after a processed order... storing CC in the DB will not be needed then and liability will shift.
Hope someone can do this... or at the very least PLS tell me why the blob binary table data for the orderpaymentnumber won't delete from the db.
Thanks,
Rob.

schmutly

  • Beginner
  • Posts: 26
Re: Credit Card Shown on Admin
« Reply #4 on: December 06, 2005, 13:48:57 pm »
ANYONE???????? ;D ;D ;D

schmutly

  • Beginner
  • Posts: 26
Re: Credit Card Shown on Admin
« Reply #5 on: February 27, 2006, 05:25:21 am »
Here I am again, STILL with no answer from the Mambo forum, Joomla forum, phpMyAdmin forum... well, not yet.
Here's the QN again. See my attachment.
The order_payment_number I cannot delete... HOW do you delete a binary blob when it says do not edit?????????????????????????????????????????????????????????
Thanks, Rob
Oh... my ???????????????????????????? is sticking ;D ;D ;D ;D ;D

[attachment deleted by admin]
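The scrub step asked for in replies #3 and #5, as an added example that is not part of the thread or VirtueMart's own code: it blanks the three card fields named above for one processed order with a parameterized UPDATE statement. SQLite stands in for the shop's MySQL database; the `order_id` key column, the column types and the sample rows are assumptions constructed for the demonstration.

```python
import sqlite3

# Table and field names are the ones named in the thread; order_id as the
# key column and the column types are assumptions made for this example.
SCRUB_SQL = """
UPDATE jos_vm_order_payment
   SET order_payment_number = '',
       order_payment_name   = '',
       order_payment_expire = 0
 WHERE order_id = ?
"""

def make_demo_db():
    """Build an in-memory stand-in for the shop database (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE jos_vm_order_payment (
        order_id INTEGER PRIMARY KEY,
        order_payment_number BLOB,
        order_payment_name TEXT,
        order_payment_expire INTEGER)""")
    rows = [(1, b"\x8f\x02\xaa\x10constructed-ciphertext-1", "A. Customer", 1167609600),
            (2, b"\x13\x7e\x55\x01constructed-ciphertext-2", "B. Customer", 1170288000)]
    conn.executemany("INSERT INTO jos_vm_order_payment VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn

def scrub_order_payment(conn, order_id):
    """Blank the three card fields for one processed order; return rows changed."""
    with conn:  # commits on success, rolls back if the statement fails
        cur = conn.execute(SCRUB_SQL, (order_id,))
    return cur.rowcount

def orders_with_card_data(conn):
    """List the order ids that still hold a non-empty stored card number."""
    cur = conn.execute("SELECT order_id FROM jos_vm_order_payment "
                       "WHERE length(order_payment_number) > 0 ORDER BY order_id")
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_demo_db()
    print("rows scrubbed:", scrub_order_payment(db, 1))
    print("orders still holding card data:", orders_with_card_data(db))
```

A statement of this shape is sent as SQL rather than through a row-edit form, so the binary column is overwritten like any other. Database backups taken before the scrub still contain the old values.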