[ic] User options

Bill Carr bill at worldwideimpact.com
Wed Apr 5 22:18:42 EDT 2006

On Apr 5, 2006, at 9:29 PM, Elver Loho wrote:

> We're using 5.0 with some custom patches. Right now the client can
> enter his/her credit card number during checkout and it'll be
> remembered by the system for when he/she is buying something again.
> What we'd like to do is make it so that the client can change the
> credit card number in his/her settings as well. The problem is that
> Interchange has hidden that part of the code... Somewhere. I'm not
> sure where it is. Just copying that part over from the checkout code
> enables changing the credit card details, but not creating them. It
> fails to set mv_credit_card_reference in userdb, plus it doesn't send
> over the CC# in an encrypted e-mail as is usual.
> Could someone point me in the right direction in this regard here?
Sorry I don't have an answer but I am glad you brought it up. I think  
Interchange does not save the CC number for security reasons. We have  
not been storing credit card numbers  but would like to be able to do  
the following:

1. Allow the user's payment details to remembered as you mention  
above. This is becoming a standard for major e-commerce site's (i.e.  
Amazon.com, Apple.com, etc.).
2.  Eliminate the need to send the PGP encrypted credit card number  
via e-mail. This is a confusing part of the process for the merchants  
we are doing sites for that I would like to eliminate. We are  
currently directing our customers to setup the encryption using  
Windows Privacy Tools. We would like to let the merchant see the CC  
number on the order detail screen and/or give them the ability to  
download a batch of orders for import into their POS/Accounting  
system. This transfer would happen via https.
3. Manage recurring billing (i.e. Wine Clubs)

Question: What are the best practices for handling the credit card  
numbers for the purposes mentioned above? For years I've been telling  
clients we never store credit card numbers. That has been a very  
convenient way to manage our liability but I don't think we are going  
to be able to get away with it for much longer. The consumer  expects  
both convenience and security. What is the right way to do both?

Bill Carr
Bottlenose - Wine & Spirits eBusiness Specialists
(877) 857-6700

More information about the interchange-users mailing list