View Issue Details

ID: 0002944
Project: Composr
Category: ecommerce
View Status: public
Last Update: 2016-11-25 20:30
Reporter: Chris Graham
Assigned To:
Severity: Feature-request
Status: non-assigned
Resolution: open
Product Version:
Fixed in Version:
Summary: 0002944: Storing credit card number
Description: We are no longer saving credit card numbers with local payments. This is because they need to be individually encrypted to meet PCI compliance, the encryption key must not be backed up, and they need to be obfuscated when shown to users in their profiles. That's all technically very challenging for us (and our users) to achieve.

The encryption scheme could not be our regular CPF encryption scheme, as only staff can decrypt that manually using their local key password.

We are not allowed to save the CV2 either, but there's no getting around that. CV2 is not needed for payments though, it's just a security feature.
Additional Information: There's not a great incentive for implementing this. Right now not storing the number is fine. The only good use cases are:

1) Store a first-time authorise for a user when they've paid, using CV2, then don't require CV2 for future transactions (i.e. nothing extra needs typing in). This would need extra work as right now the whole API assumes CV2 will always be passed.

2) If subscriptions are being fully locally managed (see comment in 0001529).
Tags: No tags attached.
Time estimation (hours): 10
Sponsorship: open
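
A sketch of the three requirements named in the description (each card number encrypted individually, the key kept outside anything that gets backed up, and a masked form for profile display). It is an added example, not Composr code; the function names, the CARD_KEY_B64 environment variable and the sample card number are assumptions.

```php
<?php
// Added example; all names here are hypothetical, not Composr APIs.

// The 32-byte key comes from the process environment (assumed variable
// CARD_KEY_B64), so it never sits in the database or its backups.
function card_key(): string
{
    $key = base64_decode((string)getenv('CARD_KEY_B64'), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('Card key missing or wrong length');
    }
    return $key;
}

// Each number gets its own random nonce. The member ID is bound as
// associated data, so a blob copied to another member's row fails to decrypt.
function encrypt_card(string $pan, int $member_id, string $key): array
{
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($pan, 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        $nonce, $tag, (string)$member_id);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    // last4 is kept separately so profile pages never need the key.
    return ['blob' => base64_encode($nonce . $tag . $ct), 'last4' => substr($pan, -4)];
}

function decrypt_card(string $blob, int $member_id, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('Malformed card record');
    }
    $pan = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), (string)$member_id);
    if ($pan === false) {
        throw new RuntimeException('Card record failed authentication');
    }
    return $pan;
}

// Obfuscated form for profile display: only the last four digits are shown.
function mask_card(string $last4, int $length = 16): string
{
    return str_repeat('*', $length - 4) . $last4;
}

// Constructed demo: throwaway key (production would call card_key()) and a test number.
$key = random_bytes(32);
$row = encrypt_card('4111111111111111', 42, $key);
echo mask_card($row['last4']), "\n";
var_dump(decrypt_card($row['blob'], 42, $key) === '4111111111111111');
```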

Relationships

related to 0001529 non-assigned Implement subscription free trial support [and other assorted subscription ideas] 

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2016-11-25 20:29 Chris Graham New Issue
2016-11-25 20:29 Chris Graham Description Updated
2016-11-25 20:30 Chris Graham Relationship added related to 0001529