Credit Card Number missing - intermittent error

[blinden]

on occasion, I will get an order that will store no CC data in the DB. (#, ccv, exp. date, etc)

This happens only periodically, and most orders work okay, any idea what would cause particular orders to not store this information? I would think that that ZenCart software would not allow the order to be placed without the information in it, it almost seems like it's skipping this step or something.

Thanks for the help.

[Merlinpa1969]

you shouldnt be storing the CC number in the database.

[DrByte]

Which payment module are you using?

[blinden]

you shouldnt be storing the CC number in the database.

Well, unforunately, I cannot convince the customer of this, they don't want to process the sales electronically, they want to enter everything by hand by looking at the orders, so it is done.

As for the module, I'm only using the CC module, nothing else. This store is very particular and doesn't seem to like anything 'new' or 'different'

[TinaS]

You don't have to store the cc numbers in the database to achieve the "enter by hand" - zen will send 2 emails when an order has placed automatically, at least this is how it works in my clients sites and no that isn't a typo she owns numerous sites. We use the cc module on every single one without storing the data.

She gets one email that informs of the order and another email that contains the "missing" portion of the credit card from the first one.

Storing the info in a database is extremely risky business because if they ever get hacked all of that info is going to be vulnerable.

[bluedotgames]

sending the cc information over email, even if it is in 2 seperate emails, is even riskier business

[Merlinpa1969]

actually its not,
since it ONLY sends 1 email and only the middle numbers,
however if your merchant ever findsout that you are storing numbers in an unencrypted database you will most likely lose the merchant account.
Visa MC AMEX and discover are all very adament about this,

you really need to step up, do your JOB and let the clients know that they can get into serious trouble,
legal and financial.

they are your clients, its your job to educate them,
but either way, you have been givin about the only answer your gonna get on this,

DONT DO IT

[bluedotgames]

From you:

actually its not,
since it ONLY sends 1 email and only the middle numbers,

From the post:

She gets one email that informs of the order and another email that contains the "missing" portion of the credit card from the first one.

Actually it is. The poster is claiming to receive two emails allowing a complete cc number to be achieved. You cannot argue that such a situation is more secure than storing cc numbers in a database, however plaintext they may be.

I'm not saying you should store them in the database, just saying that my original statment is correct.

[Merlinpa1969]

OK dot,
You obvoiously have NO clue,

the INVOICE displays the first 4 the last 4 and the exp
NOT an email

the emailed portion displays the middle 8 numbers and the cvv. these 8 numbers are NOT stored in the DB

while the first set is,

and well as for security, the credit card companies say this is just fine,

while they have expressly said that storing of cc numbers in an un encrypted DB is an absolute no no, and storing CVV is not only unadvisable its also against the law.

If the poster is getting 2 emails, then they need to stop changing the core code, it was setup to be secure

[bluedotgames]

You obvoiously have NO clue,

Dont get pissy at me, I'll be courteous to you - you do the same to me. Apparently you don't realize what I am responding to. I am only responding to the poster's STATEMENT about THEIR SITUATION. I am not passing a judgment upon Zencart's default CC status. According to the poster's STATEMENT, my observation is CORRECT.

They may have misspoke and led me to believe they are receiving two emails when in fact it is just the db stored invoice + 1 email...that is quite possible. But according to their statement,

She gets one email that informs of the order and another email that contains the "missing" portion of the credit card from the first one.

,my inferences are reasonable and my comparison is correct.

Again, Im not saying you should store the cc info unencrypted, that is just foolish.

I'm saying that if there were a system where you got TWO emails leading to ONE complete CC info, that is inherently more insecure than the unecrypted database.

Or do you want to argue against that situation? Or would you rather foolishly state that I have no clue again?