Yes I have to agree Philip ... This is not only a very high risk because it encourages hackers to break in to obtain this valuable information and in my opinion it is only asking for trouble.
Looking at the business process of re-authorizing the card in case of refunding the customer. I am confident there is a way of covering 're-authorise the card' rather than storing credit card details. Or at least giving the shop owner a way of stopping storing credit card details as I know I and many other will not use this feature because of the obvious dangers involved. Thanks Phil > -----Original Message----- > From: Jacques Le Roux [mailto:[EMAIL PROTECTED] > Sent: Monday, 22 October 2007 5:58 PM > To: [email protected] > Subject: Re: Ofbiz and saved credit card info > > De : "Phillip Rhodes" <[EMAIL PROTECTED]> > > > > Hi everyone, > > > > It appears that ofbiz is saving credit card information. While there is > sometimes a business need to do this, very often, there > is not. For example, with cybersource and verisign, all you need to store > is the authorization code. With the authorization code, > you can perform settlements, and returns. Of course, there could be an > back-office process that runs credit cards, so it would be > necessary in that case. > > > > I am bringing this issue up because holding this information is a risk. > It would be nice if ofbiz could provide a means by which > organizations would be able to opt out of having credit card information > stored for their customers. > > This is an interesting idea, but you should also consider that if for any > reasons you need to re-authorise the card you will not be > able to (there are some cases you will need to do that : amount change - > not able to deliver all -, etc.) > > YMMV suiving your payments provider (though I guess an auth is not a re- > auth everywhere in the world) > > Jacques
