[ic] Credit card CVV numbers

Jon Jensen jon at endpoint.com
Sat Jun 10 11:55:48 EDT 2006

On Sat, 10 Jun 2006, Grant wrote:

> Has there been any integration of credit card CCV numbers into IC or
> should I just save it as a normal field in the orders database?

Some of the payment gateway modules support it, and others don't. I've 
used it with Verisign. To find out which others (more or less):

     grep -rl CVV2 lib/Vend/Payment

However, a big warning: Do not ever save the number unencrypted to disk. 
In fact, you're not supposed to save it to disk at all, even encrypted, 
according to most credit card company contracts. Some I've read say they 
will cancel your account immediately if they find out you've saved the 
CVV2 number, even if encrypted.

The only way it's supposed to be used is passed in real-time from the user 
to the payment gateway, which returns a code saying whether it matched or 
not. But you're really not supposed to save it for future use, even for 
the sale in question.


Jon Jensen
End Point Corporation

More information about the interchange-users mailing list