[ic] Credit card CVV numbers
emailgrant at gmail.com
Sun Jun 11 11:59:16 EDT 2006
> > Has there been any integration of credit card CCV numbers into IC or
> > should I just save it as a normal field in the orders database?
> Some of the payment gateway modules support it, and others don't. I've
> used it with Verisign. To find out which others (more or less):
> grep -rl CVV2 lib/Vend/Payment
> However, a big warning: Do not ever save the number unencrypted to disk.
> In fact, you're not supposed to save it to disk at all, even encrypted,
> according to most credit card company contracts. Some I've read say they
> will cancel your account immediately if they find out you've saved the
> CVV2 number, even if encrypted.
> The only way it's supposed to be used is passed in real-time from the user
> to the payment gateway, which returns a code saying whether it matched or
> not. But you're really not supposed to save it for future use, even for
> the sale in question.
I should have given more information on how I'm processing cards. I
use the standard IC facilities to encrypt the CC info via GPG and have
it emailed to me, then I process it via a virtual terminal. I was
wondering if the CVV info had been incorporated into that encrypted
block along with the account number and expiration date. The reason
for all of this is PayPal's virtual terminal requires the CVV info so
I need to start collecting it right away.
More information about the interchange-users