Results 1 to 6 of 6
  1. #1
    Join Date
    Mar 2010
    Posts
    49
    Plugin Contributions
    0

    Default CEON Credit Card Numbers not showing correctly

    I installed Ceon V4 after upgrading to Zen V5.1. As you know, there a 16 numbers for a credit card, all the numbers do not show up. Below is what we get:
    From the Invoice:
    Payment Method: Credit/Debit Card
    Credit card Number: 1111xx1111
    Credit Card Expires: 0315
    From the email Confirmation:
    Credit/Debit Card
    Visa Debit xx1111
    So we're missing the other 4 credit card numbers..
    One other question. When I installed the module, the instructions said to not copy the files into the store's admin/includes; so I installed them into store/includes. The path to my store is actually store/duty/includes....

  2. #2
    Join Date
    Mar 2010
    Posts
    49
    Plugin Contributions
    0

    Default Re: Credit Card Numbers not showing correctly - added some information

    I've found that the email is giving the last four numbers of the credit card which is already stated on the invoice; so we're missing all 8 middle digits of the number. Didn't know this till this morning since I didn't know the real credit card number. My client contacted the customers to get each customer real credit card number.
    Would really appreciate some help!
    Thanks
    Sharon

  3. #3
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Credit Card Numbers not showing correctly

    It is (basically) illegal to store credit card numbers directly on your store's database, since (I can almost guarantee based on your question that) you've not built yourself a multi-million-dollar datacenter to the required security specifications to allow you to store such sensitive information.

    This is NOT a Zen Cart issue. This is a credit card security and fraud prevention issue, which you'll find in ALL online store systems.
    If you don't understand or if you disagree, talk to your bank directly and tell them that you want to store unencrypted credit card numbers on the internet. And watch their reaction. They'll educate you quickly ... or cancel your bank account.

    That is why Zen Cart only stores maximum 10 characters, and the middle 2 characters are XX. Thus the sensitive information can never be stolen.

    If you're trying to change the way Zen Cart works and intend to store credit card numbers unencrypted in your database, then you're assuming all the risks of fraud, and should be setting aside tons of money for the fees you'll pay in fraud investigations.

    I know there's a CEON credit card module which sends information by email. If that's what you're using, then perhaps you need to investigate its proper use more thoroughly.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  4. #4
    Join Date
    Jun 2005
    Location
    Cumbria, UK
    Posts
    10,262
    Plugin Contributions
    3

    Default Re: Credit Card Numbers not showing correctly

    Quote Originally Posted by DrByte View Post
    It is (basically) illegal to store credit card numbers directly on your store's database, since (I can almost guarantee based on your question that) you've not built yourself a multi-million-dollar datacenter to the required security specifications to allow you to store such sensitive information.

    This is NOT a Zen Cart issue. This is a credit card security and fraud prevention issue, which you'll find in ALL online store systems.
    If you don't understand or if you disagree, talk to your bank directly and tell them that you want to store unencrypted credit card numbers on the internet. And watch their reaction. They'll educate you quickly ... or cancel your bank account.

    That is why Zen Cart only stores maximum 10 characters, and the middle 2 characters are XX. Thus the sensitive information can never be stolen.

    If you're trying to change the way Zen Cart works and intend to store credit card numbers unencrypted in your database, then you're assuming all the risks of fraud, and should be setting aside tons of money for the fees you'll pay in fraud investigations.

    I know there's a CEON credit card module which sends information by email. If that's what you're using, then perhaps you need to investigate its proper use more thoroughly.
    As Dr Byte says, you risk EVERYTHING - including your livelihood and future. I don't suppose you are aware of this story:

    In 2010, Genesco was the victim of "a sophisticated cybercrime attack," according to court papers available on Wired's Web site, which was the first to report the lawsuit. Criminals installed a packet sniffer on Genesco's networks to gather unencrypted card-swiped transactions during the authorization process. "Notwithstanding this circumstance, the PCI DSS not only does not prohibit, it actually expressly approved, unencrypted transmission of mag-stripe-swipe transaction approval data," according to the court document.

    Genesco claims thieves never accessed data stored within the company's network, in part because Genesco rebooted its servers which overwrote any log files with sensitive cardholder data before hackers could accessed it. Nonetheless, Visa alerted all of its account holders who'd made a purchase at a Genesco store from Dec. 4, 2009 to Dec. 1, 2010 that their private data may have been compromised.

    In May 2011, providers Fifth Third Financial and Wells Fargo, and in turn Genesco, were fined $13,298,900 for PCI DSS violations and expenses incurred over the breach and resulting fraudulent charges.

    Both Visa and Mastercard fined the companies for a combined $15.6 million, but only Visa is named in the current lawsuit. In a January SEC filing, Genesco reported $2.1 million in legal and consulting fees related to the data breach.

    Only one other related lawsuit has been reported in the United States, and that one involved a $90,000 legal dispute between a Utah restaurant chain and US Bank, which sued each other after the restaurant failed to secure its network and suffered a data breach that resulted in fraud and PCI penalties, according to Wired.
    19 years a Zencart User

  5. #5
    Join Date
    Mar 2010
    Posts
    49
    Plugin Contributions
    0

    Default Re: Credit Card Numbers not showing correctly

    Quote Originally Posted by DrByte View Post
    It is (basically) illegal to store credit card numbers directly on your store's database, since (I can almost guarantee based on your question that) you've not built yourself a multi-million-dollar datacenter to the required security specifications to allow you to store such sensitive information.

    This is NOT a Zen Cart issue. This is a credit card security and fraud prevention issue, which you'll find in ALL online store systems.
    If you don't understand or if you disagree, talk to your bank directly and tell them that you want to store unencrypted credit card numbers on the internet. And watch their reaction. They'll educate you quickly ... or cancel your bank account.

    That is why Zen Cart only stores maximum 10 characters, and the middle 2 characters are XX. Thus the sensitive information can never be stolen.

    If you're trying to change the way Zen Cart works and intend to store credit card numbers unencrypted in your database, then you're assuming all the risks of fraud, and should be setting aside tons of money for the fees you'll pay in fraud investigations.

    I know there's a CEON credit card module which sends information by email. If that's what you're using, then perhaps you need to investigate its proper use more thoroughly.
    I understand all that you have said and have been round & round with my client about the security issues. But she wants Zen Cart to work the way it did before I upgraded it to V1.5 (from V1.3). Hence the reason I installed the Ceon module. I posted here because this is where I found the module to add on, so that it handled the emails as it did before. Believe me I will have it in writing that I have advised against this but the client was insistent. CYOB So I will get the instructions out and see where to go for help. Thanks for the reply.

  6. #6
    Join Date
    Jun 2005
    Location
    Cumbria, UK
    Posts
    10,262
    Plugin Contributions
    3

    Default Re: Credit Card Numbers not showing correctly

    Bear in mind that YOU will be held JOINTLY and SEVERALLY LIABLE should your client's site be the victim of fraud. The bank will want to know WHO put the system in place - - - and that's YOU.

    If your "client" wants to take the risk, let them... But let some other idiot install the module.

    I had a potential client ask for this a few years ago and I declined the contract when they insisted I install it. I don't care if they get busted, but I sure am not going to be dragged down with them.
    19 years a Zencart User

 

 

Similar Threads

  1. Credit Card Numbers not showing up
    By phenn in forum Managing Customers and Orders
    Replies: 1
    Last Post: 19 Feb 2008, 07:15 PM
  2. Credit card numbers not storing
    By zpyder in forum General Questions
    Replies: 2
    Last Post: 15 Feb 2007, 12:52 AM
  3. Credit Card numbers not being captured
    By catgifts in forum Managing Customers and Orders
    Replies: 5
    Last Post: 2 Jan 2007, 10:16 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR