[ic] Credit card CVV numbers
Jon Jensen
jon at endpoint.com
Sat Jun 10 11:55:48 EDT 2006
On Sat, 10 Jun 2006, Grant wrote:
> Has there been any integration of credit card CCV numbers into IC or
> should I just save it as a normal field in the orders database?
Some of the payment gateway modules support it, and others don't. I've
used it with Verisign. To find out which others (more or less):
grep -rl CVV2 lib/Vend/Payment
However, a big warning: Do not ever save the number unencrypted to disk.
In fact, you're not supposed to save it to disk at all, even encrypted,
according to most credit card company contracts. Some I've read say they
will cancel your account immediately if they find out you've saved the
CVV2 number, even if encrypted.
The only way it's supposed to be used is passed in real-time from the user
to the payment gateway, which returns a code saying whether it matched or
not. But you're really not supposed to save it for future use, even for
the sale in question.
Jon
--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
More information about the interchange-users
mailing list