[ic] User options
bill at worldwideimpact.com
Wed Apr 5 22:18:42 EDT 2006
On Apr 5, 2006, at 9:29 PM, Elver Loho wrote:
> We're using 5.0 with some custom patches. Right now the client can
> enter his/her credit card number during checkout and it'll be
> remembered by the system for when he/she is buying something again.
> What we'd like to do is make it so that the client can change the
> credit card number in his/her settings as well. The problem is that
> Interchange has hidden that part of the code... Somewhere. I'm not
> sure where it is. Just copying that part over from the checkout code
> enables changing the credit card details, but not creating them. It
> fails to set mv_credit_card_reference in userdb, plus it doesn't send
> over the CC# in an encrypted e-mail as is usual.
> Could someone point me in the right direction in this regard here?
Sorry I don't have an answer but I am glad you brought it up. I think
Interchange does not save the CC number for security reasons. We have
not been storing credit card numbers but would like to be able to do
1. Allow the user's payment details to remembered as you mention
above. This is becoming a standard for major e-commerce site's (i.e.
Amazon.com, Apple.com, etc.).
2. Eliminate the need to send the PGP encrypted credit card number
via e-mail. This is a confusing part of the process for the merchants
we are doing sites for that I would like to eliminate. We are
currently directing our customers to setup the encryption using
Windows Privacy Tools. We would like to let the merchant see the CC
number on the order detail screen and/or give them the ability to
download a batch of orders for import into their POS/Accounting
system. This transfer would happen via https.
3. Manage recurring billing (i.e. Wine Clubs)
Question: What are the best practices for handling the credit card
numbers for the purposes mentioned above? For years I've been telling
clients we never store credit card numbers. That has been a very
convenient way to manage our liability but I don't think we are going
to be able to get away with it for much longer. The consumer expects
both convenience and security. What is the right way to do both?
Bottlenose - Wine & Spirits eBusiness Specialists
More information about the interchange-users