Re: Clearing credit card data after capture

Fri, 05 Jun 2009 02:03:24 -0700 

Thanks Tim,
If I'm not wrong I think the payment.properties file is deprecated in favor of PaymentGatewayConfig and the PaymentGateway* entities. I could put the flag on the ProductStore entity but if I did it would probably need to perform the same function regardless of the processor being used. 


If I put a flag on the applicable PaymentGateway* entities, then the  
service to clear the card data would need to be called from within the  
capture and release implementations for each processor.  I could call  
the service asynchronously to avoid affecting the outcome of the  
transaction being processed.  I think I prefer this method of the two.


Regards
Scott

On 5/06/2009, at 6:09 PM, Tim Ruppert wrote:


I'd probably put the configuration on the product store - or in the  
payment.properties file.  The store because that's where you  
configure when to do the capture - payment.properties because many  
of the processors might not support being able to.


Cheers,
Tim
--
Tim Ruppert
HotWax Media
http://www.hotwaxmedia.com

o:801.649.6594
f:801.649.6595

----- "Scott Gray" <[email protected]> wrote:


Hi All,

I plan to add a configuration option to clear credit card data once

there are no more auths pending against it.  When I say clear the  
data


I mean remove the expiry date and credit card number except for the
last 4 digits.

Any thoughts on where this should be configurable/how it should be
implemented?  I think the card clearing logic may have to be specific

to the gateway being used, e.g. authorize.net needs you to keep the
last 4 digits for refunds but others may not.
I'm thinking perhaps I could add a new product store payment service

type enumeration record, something like PRDS_PAY_CLEAR_DATA and the
defined service would run after the capture and release services.

Recurring billing is the other thing I'm not sure about, I guess I'd

need to leave the card data alone in that case but I've never worked


with recurring payments so I'm not sure how I would detect if the  
card


is being used for them.

Any thoughts would be appreciated.

Thanks
Scott

HotWax Media
http://www.hotwaxmedia.com





Attachment:
smime.p7s

Description: S/MIME cryptographic signature






















					Reply via email to