Why store it at all? Once you have the auth you don't need the cc# to do a capture. I suppose you might need it for a reauth, but I believe you can even accomplish that with the original authorization.
Vince Clark [email protected] (303) 493-6723 ----- Original Message ----- From: "Scott Gray" <[email protected]> To: [email protected] Sent: Thursday, June 4, 2009 11:59:44 PM GMT -07:00 US/Canada Mountain Subject: Clearing credit card data after capture Hi All, I plan to add a configuration option to clear credit card data once there are no more auths pending against it. When I say clear the data I mean remove the expiry date and credit card number except for the last 4 digits. Any thoughts on where this should be configurable/how it should be implemented? I think the card clearing logic may have to be specific to the gateway being used, e.g. authorize.net needs you to keep the last 4 digits for refunds but others may not. I'm thinking perhaps I could add a new product store payment service type enumeration record, something like PRDS_PAY_CLEAR_DATA and the defined service would run after the capture and release services. Recurring billing is the other thing I'm not sure about, I guess I'd need to leave the card data alone in that case but I've never worked with recurring payments so I'm not sure how I would detect if the card is being used for them. Any thoughts would be appreciated. Thanks Scott HotWax Media http://www.hotwaxmedia.com
