cancel
Showing results for 
Search instead for 
Did you mean: 

Magento 1. does store credit card information regardless of payment module settings

Magento 1. does store credit card information regardless of payment module settings

We have found a nasty surprise Magento 1.4 it does store credit card information regardless of payment module settings and appears to be a bug.Anyone else see this threat?

3 REPLIES 3

Re: Magento 1. does store credit card information regardless of payment module settings

Hi @intechmarketing

 

Which payment module are you using? Are you using saved cc payment method or any custom module for the payment?

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Magento 1. does store credit card information regardless of payment module settings

Thanks for the response. The client uses a LinkPoint payment module (based off a popular authorize.net one) purchased through the Magento Community extension store. They have never used the save credit card function as that has been known for a long time as a violation of PCI compliance going back 10 years or so now (it shouldn't even be part of Magento, period). The module doesn't have any CC save function and only generates last 4 in the order notes. this centers around the re-order link in the admin. Customer/orders/re-order. I can't think of any extension that would have added this 'feature' as I think most of us know that's just a terrible idea. I did run a SQL statement update to remove the data (it is encrypted in the database anyway but again against Visa's policies) but the client is worried about an admin. access hack, which I tell them is more an issue with weak passwords.. and the downloader..

Re: Magento 1. does store credit card information regardless of payment module settings

Following up on the payment extension, it's not supposed to save credit card info and isn't set to do so. However the developer says it depends on how it's flagged within the programming itself. So they are working on a patch as it's not something easily changed like a XML file. I'm a bit baffled as it was originally sold as not retaining CC's but the developer is working on fixing it. The suggestion about the payment module, although obvious, did encourage me to contact several of the extension developers to inquire about this specific issue. Thank you for your help muk_t