#2944 - Storing credit card number
| Identifier | #2944 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Storing credit card number |
| Status | Open |
| Handling member | Deleted |
| Addon | ecommerce |
| Description | We are no longer saving credit card numbers with local payments. This is because they need to be individually encrypted to meet PCI compliance, the encryption key must not be backed up, and they need to be obfuscated when shown to users in their profiles. That's all technically very challenging for us (and our users) to achieve.<br><br>The encryption scheme could not be our regular CPF encryption scheme, as only staff can decrypt that manually using their local key password. We are not allowed to save the CV2 either, but there's no getting around that. CV2 is not needed for payments though, it's just a security feature. |
| Steps to reproduce | |
| Additional information | There's not a great incentive for implementing this. Right now not storing the number is fine. The only good use cases are:<br>1) Store a first-time authorise for a user when they've paid, using CV2, then don't require CV2 for future transactions (i.e. nothing extra needs typing in). This would need extra work as right now the whole API assumes CV2 will always be passed.<br>2) If subscriptions are being fully locally managed (see comment in #1529). |
| Related to | #1529 - Implement subscription free trial support [and other assorted subscription ideas] |
| Funded? | No |
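
The three constraints named in the description (each number encrypted individually, a key that stays out of backups, an obfuscated form for profiles) can be sketched as below. This is an added example, not code from the ecommerce addon: the function names, the `CARD_KEY_B64` environment variable and the choice of AES-256-GCM through PHP's openssl extension are all assumptions, and "individually encrypted" is read here as one ciphertext with its own nonce per stored number.

```php
<?php
// Added example with hypothetical helper names; not the ecommerce addon's code.
// Assumption: CARD_KEY_B64 is set in the server environment, outside the site
// files and database, so the key is not captured by a site backup.
function card_key(): string
{
    $key = base64_decode((string) getenv('CARD_KEY_B64'), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('CARD_KEY_B64 must decode to 32 bytes');
    }
    return $key;
}

// Obfuscated form for profile pages: only the last four digits stay visible.
function mask_card_number(string $pan): string
{
    return str_repeat('*', strlen($pan) - 4) . substr($pan, -4);
}

// Each number is encrypted on its own with a fresh nonce; the member id is
// bound in as associated data. There is no CV2 parameter: it is never stored.
function seal_card(string $pan, int $member_id, string $key): array
{
    $pan = preg_replace('/[\s-]/', '', $pan);
    if (!preg_match('/^\d{12,19}$/', $pan)) {
        throw new InvalidArgumentException('Not a card number');
    }
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($pan, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, (string) $member_id);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return ['member_id' => $member_id, 'sealed' => base64_encode($nonce . $tag . $ct), 'masked' => mask_card_number($pan)];
}

// Recover the number for a charge; throws if the row was altered or moved.
function open_card(array $row, string $key): string
{
    $raw = (string) base64_decode($row['sealed'], true);
    $pan = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16), (string) $row['member_id']);
    if ($pan === false) {
        throw new RuntimeException('Card record failed authentication');
    }
    return $pan;
}
// Constructed sample: a test card number and a throwaway key (not card_key()).
$key = random_bytes(32);
$row = seal_card('4111 1111 1111 1111', 42, $key);
echo $row['masked'], "\n", open_card($row, $key) === '4111111111111111' ? "round trip ok\n" : "mismatch\n";
```

Storing the masked form beside the ciphertext means profile pages never need the key; only the code path that submits a charge would call `card_key()` and `open_card()`.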