credit card module always sends middle digits.
the credit card module always sends the middle digits to whatever email address is defined as the administrators address.
i thought its only suposed to do that if an email address is defined in split cc box.
so if you dont put anything in that box,
you get an error message for every order sent to the admins email complaining that no email address was entered for the split cc (middle) to go to and thus, the transaction will be not be able to process.
however, as i have enabled "store cc number" then the admin can see the cc number and process it, then click mask. zencart claims this is a security risk.
that seems secure enough for me...but this configuration yeilds the annoying error emails, and in the error emails they send the middle digits.
personally, i think storing the middle digits of everyones credit card in my yahoo email address account doesnt seem that safe. after you press mask, the information is gone from the database, and anywhere else. that seems the safest. but then i have to go delete all those emails....
someone set me straight here...
Re: credit card module always sends middle digits.
the number is split so that the entire number is NOT stored in the database,
you also need the CVV which has to be emailed as its NOT legal to store this number inthe DB under any circumstances.
and the middle numbers are worthless,
the first 4 are card type and the last 4 are the identifiers.
Re: credit card module always sends middle digits.
well the cvv is stored in the db in an encrypted format.
it just seems too tedious to have to check 2 places for each order to get the number.
is this really how everyone does it?
what if they have hundreds of orders a day?
Re: credit card module always sends middle digits.
I am also experiencing this problem. We are using rsa encryption which I feel is secure. However, if I leave Split Credit Card Email Address field blank I receive error messages with a warning.
What is the appropriate way to stop zencart from sending these error messages?
Thanks!
Re: credit card module always sends middle digits.
the way to stop sending the emails is to stop trying to beat the system,
If your getting enough business that its too time consuming to use the split then get a real merchants account and gateway
Re: credit card module always sends middle digits.
Every credit card processor I've ever spoken with REQUIRES cc #s to be split. And if someone hacks your Admin, all those orders will NOT be protected anymore. Sending some cc digits to email addys insures a higher level of security, even to the inconvenience of store owners.
To change the ZC way of processing credit card orders is inviting trouble further down the road. Security should be a major concern for all store owners as everyday hackers find more ways to undermine yesterday's security standard.
Re: credit card module always sends middle digits.
I completely agree that security is of the utmost importance and I'm not trying to beat the system.
In order to access any of the credit card info on the site, an administrator must upload a 1024 bit encrypted private key. This way, even if somebody hacks the site there is no access to the credit cards.
The user can log in, upload the key, and access credit card number instead of juggling e-mails.
There is nothing wrong with also sending the e-mail, but in this case it is superfluous.
Is this method less secure than splitting up the CC number?
Re: credit card module always sends middle digits.
ashain: Not everyone knows how to use the linux private key, not every can use it (share host)
And even with private, if the hacker can hack into your host server, it doesnt really matter anymore. This practice is REQUIRED by the laws in some areas, and some host may even refuse it (and force you to use merchant account)
Re: credit card module always sends middle digits.
Did I miss something here? When did emails become a secure place to expose CC #s? I was aghast when I saw this!
Re: credit card module always sends middle digits.
to make a long story short, we have hughes mail. They have a lot of problems with the middle digits coming through there system, but they are currently trying to fix it, so the emails still need to go through them so they can tell what the system is doing. In the mean time i need those digits. Is there any way i can have those middle digits sent to a second email address also?
Thanks
Casey
Re: credit card module always sends middle digits.
Admin > E-Mail Options : gives you options for sending copies to another address.
Re: credit card module always sends middle digits.
Actually, setting the email address for the CC module to send the middle digits somewhere must be done from the CC module itself.
And, it presently only allows for the entry of a single email address.
One workaround would be to set up an email "forward" alias in your hosting account. Then send emails to that alias. You can set up the alias so that *it* does the forwarding to multiple destinations. Or you could just send to a different address altogether if that address is not having the problem your current one's having.
Re: credit card module always sends middle digits.
thanks for the responses. I will give it a shot dr byte but not sure if that will work because my email service is not getting the emails. Hopefully though they think they are about to solve the mystery. I believe that there spam filter within hughes was blocking this email, thinking it looked like spam. Hopefully it will solve the problem.
Thanks again,
Casey
Re: credit card module always sends middle digits.
Is there some reason for not using eMail addresses within your Hosting account instead of Forwarding somewhere else?
eMail problems can be the most difficult of problems to sort out and Forwarding eMails will add another level of complexity; usually making it very difficult if not impossible for your Hoster to help correct.
And even if your Hoster has a Spam filter, most will not cause any problems for eMail sent from: local address to: local address.
