Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Credit card encryption


newtech

Recommended Posts

I am using the credit card encryption contribution (http://addons.oscommerce.com/info/4359).

I need it to do something unique (I know all about PCI).

 

I need it to work in the following way:

Encrypt credit cards in the database, but not in the orders section of the control panel.

I want to be able to see the credit card number in the orders section and then zap it.

 

Is there a way to make the contrib work in the database, but prevent it from working in the control panel by removing some code? I have tried various options with no luck.

 

I am assuming there is no way to do this, but thought I would ask.

Link to comment
Share on other sites

i think the addon you mentioned already has a decrypt function included so i don't know why you have a problem seeing card number in orders?

Note: i am not endorsing the use of this addon nor the idea of storing card details in the db and i don't know your circumstance. ironically, the addon in question also comes with a decrypt function which would mean if someone got hold of a copy of the db then reading the card details is a trivial task.

Ken

commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who need some professional help: either PM/email me, or go to my website (URL can be found in my profile).

over 20 years of computer programming experience.

Link to comment
Share on other sites

After reading your post I looked back at the script and you are correct there is a decrypt feature, but for some reason the decrypt is not working. Instead, if I have encryption as True, then the credit card number is encrypted in both the database and the orders section in control panel.

 

If I have encryption as false, then the credit card number appears in both in the database and order section. I can go to https://yourwebsitename/catalog/admin/encrypt_ccnum.php to encrypt all credit card numbers in the database and order section.

 

What I want to happen is when the customer places an order, their credit card number is immediately encrypted in the database and shows in orders. Then my client goes to orders, zaps the credit card number, the number is now no longer available in the order section or database. If someone was to get a hold of the database there would be no numbers for them to view.

 

So, is there anyone who has been able to do what I have described above?

Link to comment
Share on other sites

1. if the descrypt function is not working then you would first need to find out why and make it work;

2. i do not feel it is a good idea to wait for the customers to log in to their account and delete the card details. they may or may not bother to do it but the liability may still be with you. I would rather create a page in admin and have a button on that page, when click, it runs a query to remove all card details where the order status is complete or shipped. and you run it on daily basis or a via cron job to run every few hrs as you see fit.

Ken

commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who need some professional help: either PM/email me, or go to my website (URL can be found in my profile).

over 20 years of computer programming experience.

Link to comment
Share on other sites

I was able to get the script to function the way I want it. Not sure what I did to fix it at this point, but it is working. Thanks for your help-by confirming the script could do what I want, helped in the troubleshooting.

Link to comment
Share on other sites

  • 8 months later...

I was able to get the script to function the way I want it. Not sure what I did to fix it at this point, but it is working. Thanks for your help-by confirming the script could do what I want, helped in the troubleshooting.

 

I know this is a VERY old thread - but are you able to say what you did to get it to work? I have the same issue.

Link to comment
Share on other sites

  • 2 months later...

I know this is a VERY old thread - but are you able to say what you did to get it to work? I have the same issue.

 

I know, old topic. But I'm having the same problem, bonzabuy or newtech could you explain how your resolved this.

 

Thanks,

 

- Dane

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...