Offline Credit Card Orders

**mpresley** · 22 Aug 2009, 12:18 AM

I do not see the security of the offline cc process where you enter an email adress and two emails are sent one with first 4 and last 4 and the other with the middle 8. But you can't view the whole thing in an encrypted admin module.

Way easier to hack intop un unencrypted email account than to hack into the encrypted admin module.

**mpresley** · 22 Aug 2009, 12:31 AM

The more I think about this the less sense it makes. I get an order confirmation with first 4 and last 4 with all the customer info, what they order their billing and shipping addresses and then I get a second email with the order number and the middle 8 digits.

Sending any of this information to an email address is very bad, let alone all of the information. But somehow it is not allowable to view the whole creditcard number in a secure admin panel.

What genius thought of this?

**mpresley** · 22 Aug 2009, 12:39 AM

Here are the instruction for setting up and the explanation of why:

https://www.zen-cart.com/tutorials/index.php?article=67

How is sending this info out in email is an acceptable alternative?

**DrByte** · 22 Aug 2009, 12:40 AM

Good points. So ... don't use it then! It's not suitable for everyone, and in my opinion should be used by nobody.

If you're not happy with the security of that method, simply use another method that suits your needs and comfort levels better. There are many great gateway services out there for you to use, which offer much greater security than something that gives you the number to process yourself.