Storing credit card numbers??


shanewho

Jun 4, 2010, 11:02:05 AM
to substruct
I've noticed that Substruct stores credit card numbers in the database
temporarily, and sometimes longer even if you have checked the option
to only keep the last 4 digits. If the transaction fails for some
reason, the # is not cleared out and can be seen in the orders account
info page. Also, if the user enters their credit card #, goes to the
confirm page (just before the order is submitted), but leaves the site
before the final submission, their # stays in the database.

I could be wrong, but I think U.S. law requires you to meet some
security regulations if you are storing customers' credit card #'s in
your system, which I doubt most hosting providers do not meet.

Am I off base here, or does this concern anyone else?

Roger Pack

Jun 4, 2010, 8:05:49 PM
to subs...@googlegroups.com
patches are welcome, though I'm not sure if the second problem you
mention can be avoided automatically.
-r


seth b

Jun 7, 2010, 1:30:39 PM
to subs...@googlegroups.com
It's not a "US law", but it is a suggestion to not store credit cards
in the DB for PCI DSS certification / regulations.

The preference in Substruct is supposed to give site owners a choice
if they'd like to store cards or not. Some merchants like to be able
to contact the cardholder and potentially run failed transactions
after speaking with them.

I'd be open to looking at well tested patches that only store the card
in memory until the order is completed. If it concerns you that much,
please feel free to submit one.

- Seth

--------------------
http://subimage.com
http://twitter.com/subimage
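
One way to cover both cases raised in this thread (a failed transaction and an abandoned confirm page leaving the full number in the database) is a periodic sweep that truncates stored numbers to their last four digits. This is an added example, not part of the thread or Substruct's code; the field names, status values and 15-minute window are assumptions.

```ruby
# Added example; field names and statuses are hypothetical, not Substruct's schema.
STALE_AFTER = 15 * 60 # seconds a pending checkout may hold a full number (assumed)

# Strip formatting and return only the digits of a stored value.
def card_digits(value)
  value.to_s.gsub(/\D/, "")
end

# Reduce a card number to its last four digits.
def last_four(value)
  digits = card_digits(value)
  digits.length > 4 ? digits[-4, 4] : digits
end

# Decide whether a row must be scrubbed at time `now`.
def scrub?(row, now)
  return false unless card_digits(row[:cc_number]).length > 4
  case row[:status]
  when :pending then now - row[:updated_at] > STALE_AFTER # abandoned confirm page
  else true # failed, completed or unknown state: never keep the full number
  end
end

# Scrub qualifying rows in place; return the ids that were changed.
def scrub_card_numbers(rows, now: Time.now)
  rows.select { |row| scrub?(row, now) }.map do |row|
    row[:cc_number] = last_four(row[:cc_number])
    row[:id]
  end
end

# Constructed sample rows using a well-known test number, not real card data.
def sample_rows(now)
  [
    { id: 1, status: :failed,    cc_number: "4111111111111111",    updated_at: now - 60 },
    { id: 2, status: :pending,   cc_number: "4111 1111 1111 1111", updated_at: now - 3600 },
    { id: 3, status: :pending,   cc_number: "4111111111111111",    updated_at: now - 30 },
    { id: 4, status: :completed, cc_number: "1111",                updated_at: now - 3600 }
  ]
end

now = Time.utc(2010, 6, 4, 12, 0, 0)
p scrub_card_numbers(sample_rows(now), now: now) # => [1, 2]
```

A sweep like this limits how long a full number can sit in the database; it does not replace keeping the number out of storage in the first place.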
