payflow pro - how can I stop display of card number?

**fvb** · 2 Jun 2010, 02:28 AM

[FONT=Calibri]I running zencart 1.3.8a (will be upgrading soon)[/FONT]
[FONT=Calibri]We have had a few customer complain that there CC number shows up on step 3 of 3 of the order conformation [/FONT]
[FONT=Calibri]Is there any way to turn that off?[/FONT]

**Kim** · 2 Jun 2010, 09:26 AM

On the confirmation page, there should only be a partial number showing - Are your customers saying the whole number is shown? What Payment gateway are you using?

**fvb** · 2 Jun 2010, 01:37 PM

Originally Posted by Kim

On the confirmation page, there should only be a partial number showing - Are your customers saying the whole number is shown? What Payment gateway are you using?

its a partial number, but I guess some customer do not like that, and view it a a security risk

we are useing PayPal Pro

**DrByte** · 2 Jun 2010, 03:43 PM

The partial numbers (4 starting digits and 4 trailing digits) are acceptable according to official credit card industry regulations, and do not pose any quantifiable security risk.
However, if you are running your site *without* SSL (ie: using https:// URL) then you have a completely different and very real security problem.

**fvb** · 2 Jun 2010, 06:33 PM

Originally Posted by DrByte

The partial numbers (4 starting digits and 4 trailing digits) are acceptable according to official credit card industry regulations, and do not pose any quantifiable security risk.
However, if you are running your site *without* SSL (ie: using https:// URL) then you have a completely different and very real security problem.

we have SSL, just would like to remove the partial numbers to make our customer (who do not know the official credit card industry regulations) feel more comfortable

**DrByte** · 2 Jun 2010, 06:38 PM

Is this just one one-time customer complaining or is this hundreds of repeat customers complaining?

**fvb** · 3 Jun 2010, 12:18 AM

Originally Posted by DrByte

Is this just one one-time customer complaining or is this hundreds of repeat customers complaining?

maybe a half dozen... so far
I take it this is something that I can't turn off?

**DrByte** · 3 Jun 2010, 12:35 AM

Sure, feel free to hack the following out of the code ... just remove these lines, around line 375:

Code:

                                            array('title' => MODULE_PAYMENT_PAYFLOW_TEXT_CREDIT_CARD_NUMBER,
                                                  'field' => substr($_POST['paypalwpp_cc_number'], 0, 4) . str_repeat('X', (strlen($_POST['paypalwpp_cc_number']) - 8)) . substr($_POST['paypalwpp_cc_number'], -4)),

I fundamentally believe it's wrong to do that, because the whole reason for partial card number to be shown on the confirmation screen is simply to remind the customer which card you're about to charge as per their request. I think their concerns are unfounded paranoia. But if that's the kind of clientele you attract, then of course you'll want to avoid their fears in order to capture the sales.

**fvb** · 4 Jun 2010, 02:00 PM

Originally Posted by DrByte

Sure, feel free to hack the following out of the code ... just remove these lines, around line 375:

Code:

                                            array('title' => MODULE_PAYMENT_PAYFLOW_TEXT_CREDIT_CARD_NUMBER,
                                                  'field' => substr($_POST['paypalwpp_cc_number'], 0, 4) . str_repeat('X', (strlen($_POST['paypalwpp_cc_number']) - 8)) . substr($_POST['paypalwpp_cc_number'], -4)),

I fundamentally believe it's wrong to do that, because the whole reason for partial card number to be shown on the confirmation screen is simply to remind the customer which card you're about to charge as per their request. I think their concerns are unfounded paranoia. But if that's the kind of clientele you attract, then of course you'll want to avoid their fears in order to capture the sales.

I guess I agree with you,
thanks for the input, and the option to disable it
now I just have to decide what to do

**gjh42** · 4 Jun 2010, 02:19 PM

Or you might want to do as some stores do and show only the last four numbers. This will still let the customer know which card is being used.

PHP Code:


                                            array('title' => MODULE_PAYMENT_PAYFLOW_TEXT_CREDIT_CARD_NUMBER,
                                                  'field' => str_repeat('X', (strlen($_POST['paypalwpp_cc_number']) - 4)) . substr($_POST['paypalwpp_cc_number'], -4)),

You might change the Xs to something like "card ending with ".

Thread: payflow pro - how can I stop display of card number?

Thread Tools

Search Thread

Display

payflow pro - how can I stop display of card number?

Re: how to remove credit card number from showing in order process

Re: how to remove credit card number from showing in order process

Re: how to remove credit card number from showing in order process

Re: how to remove credit card number from showing in order process

Re: how to remove credit card number from showing in order process

Re: how to remove credit card number from showing in order process

Re: how to remove credit card number from showing in order process

Re: how to remove credit card number from showing in order process

Re: how to remove credit card number from showing in order process

Similar Threads

Stop storing Credit Card Number in Database

Payflow Pro (new Module) problem with card validation

Bookmarks

Bookmarks

Posting Permissions