On Jun 4, 2009, at 11:59 PM, Scott Gray wrote:

> Hi All,
>
> I plan to add a configuration option to clear credit card data once
> there are no more auths pending against it. When I say clear the
> data I mean remove the expiry date and credit card number except for
> the last 4 digits.
>
> Any thoughts on where this should be configurable/how it should be
> implemented? I think the card clearing logic may have to be
> specific to the gateway being used, e.g. authorize.net needs you to
> keep the last 4 digits for refunds but others may not.
>
> I'm thinking perhaps I could add a new product store payment service
> type enumeration record, something like PRDS_PAY_CLEAR_DATA and the
> defined service would run after the capture and release services.

That sounds pretty complex, and I'm wondering if the complexity is
needed. I guess to really answer more research would be required, or
maybe not. Keeping the last 4 digits should be pretty safe, although
these days I suppose that could be valuable information for a hacker
since for authentication over the phone banks and others generally
just ask for the last 4 digits of your government ID#, the last 4 of
your CC#, etc.

Anyway, it would be more consistent and more simple to just have a
setting on the ProductStore, and perhaps one with 3 options: keep CC
#s, keep only last 4 digits of CC #s, don't keep CC #s.

> Recurring billing is the other thing I'm not sure about, I guess I'd
> need to leave the card data alone in that case but I've never worked
> with recurring payments so I'm not sure how I would detect if the
> card is being used for them.

If an organization wants to avoid keeping CC #s then it will certainly
limit certain otherwise automated things. Recurring orders or
recurring billing would be something that is not possible, unless a
third party payment provider is used that keeps the CC #. This is
actually one of the very appealing things about services like PayPal
or GoogleCheckout where the ecommerce site doesn't ever even accept
payment information.

In fact, for anyone who wants a feature like (ie remove CC numbers
after use), they might consider using a third party payment site
instead of the more transparent option of handling it through their
application.

-David
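
The three-option store setting discussed in this thread, sketched as an added example (it is not code from either poster or from the project). The `CardRetention` and `StoredCard` names, their fields, and the choice to store the bare last four digits are assumptions made for illustration; clearing is skipped while auths are pending or the card backs recurring billing, as the thread describes.

```python
from dataclasses import dataclass, replace
from enum import Enum
from typing import Optional


class CardRetention(Enum):
    """The three store-level options from the thread (names are hypothetical)."""
    KEEP_FULL = "keep CC #s"
    KEEP_LAST4 = "keep only last 4 digits of CC #s"
    KEEP_NONE = "don't keep CC #s"


@dataclass(frozen=True)
class StoredCard:
    # Hypothetical record; field names are assumptions, not a real schema.
    number: Optional[str]
    expiry: Optional[str]
    pending_auths: int = 0   # auths not yet captured or released
    recurring: bool = False  # card backs a recurring order or billing


def clear_card(card: StoredCard, policy: CardRetention) -> StoredCard:
    """Return the record as it should be stored after capture/release."""
    if policy is CardRetention.KEEP_FULL:
        return card
    # Clearing early would break a later capture or the next recurring charge.
    if card.pending_auths > 0 or card.recurring:
        return card
    if policy is CardRetention.KEEP_NONE or card.number is None:
        return replace(card, number=None, expiry=None)
    # KEEP_LAST4: drop separators, keep only the trailing four digits.
    # Running this on an already cleared record leaves it unchanged.
    digits = "".join(ch for ch in card.number if ch.isdigit())
    return replace(card, number=digits[-4:] or None, expiry=None)


# Constructed sample data (a widely used test number, not a real card).
SAMPLE = StoredCard(number="4111 1111 1111 1111", expiry="12/2010")

if __name__ == "__main__":
    for policy in CardRetention:
        print(policy.name, clear_card(SAMPLE, policy))
```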