Does Zencart Database save credit card details?

Printable View

25 May 2009, 11:55 PM
sahail312

Does Zencart Database save credit card details?

Hi,

I'm using website pro and I'm a UK paypal user.

Just wanted to confirm whether customers details are stored on the zencart database using this module as the card type, expiry date and partial (8 digits) of the card number is shown on the order page.

So, is the full 16 credit card number stored or is it just the 8 partial numbers?

I need this information to complete the Privacy Policy.

Thanks!
26 May 2009, 12:27 AM
limelites

Re: Does Zencart Database save credit card details?

Only partial numbers are stored on the ZC database.
26 May 2009, 08:27 AM
schoolboy

Re: Does Zencart Database save credit card details?

Before you even think about storing CC details - even partial details - make sure you are aware of PCI compliance.
27 May 2009, 03:36 PM
dashequestrian

Re: Does Zencart Database save credit card details?

Quote:

Originally Posted by schoolboy

Before you even think about storing CC details - even partial details - make sure you are aware of PCI compliance.

Hi

Is there any way of NOT keeping any of the CC numbers to avoid the need for PCI?

Cheers

Adam
27 May 2009, 03:46 PM
kuroi

Re: Does Zencart Database save credit card details?

Quote:

Originally Posted by dashequestrian

Is there any way of NOT keeping any of the CC numbers to avoid the need for PCI?

Fear not. Unless Schoolboy has knowledge of some specific change to the PCI requirements, I think you'll find that Zen Cart's core code has been very carefully crafted to ensure compliance.

And there are Zen Carts out there in the wild that have undergone external auditing to verify their individual compliance.
27 May 2009, 04:08 PM
Merlinpa1969

Re: Does Zencart Database save credit card details?

even if you dont store cards,
If you use a servce such as linkpoint they still require pci complaince
28 May 2009, 07:03 PM
squashrick

1 Attachment(s)

Re: Does Zencart Database save credit card details?

It looks like the PCI DSS compliance must have changed as the self-assessment questionnaire now includes an eligibility clause that asks you to confirm that 'Merchant does not store any cardholder data in electronic format' (see attached partial screen shot of the questionnaire).

Any thoughts/comments anyone?
28 May 2009, 07:31 PM
kuroi

Re: Does Zencart Database save credit card details?

Quote:

Originally Posted by squashrick

It looks like the PCI DSS compliance must have changed as the self-assessment questionnaire now includes an eligibility clause that asks you to confirm that 'Merchant does not store any cardholder data in electronic format' (see attached partial screen shot of the questionnaire).

Any thoughts/comments anyone?

Those questions are not assessing PCI DSS compliance. They're assessing which assessment path must be taken. Most retail stores don't collect or cardholder information electronically. Unless you sign up for a loyalty scheme, you pay your money and walk away with your purchases, so they don't need it.

Online stores usually have to store some cardholder information. Names and addresses are useful for delivery, and in case of payment or stock query. This doesn't disqualify them from PCI compliance. Just means that they have to take steps to protect that data and therefore the short version of the self-assessment form isn't appropriate.
28 May 2009, 07:49 PM
Merlinpa1969

Re: Does Zencart Database save credit card details?

as long as you are NOT using the STOCK CC module ( shouldnt be using this in the first place )
and you didnt actually hit the store cc details using authorize net ( also NOT advisable ) then you are NOT storing numbers

therefor the short form is acceptable