I’ve searched on this and think that numbers are not supposed to be stored, but they are in my case. I’m not sure if this is a bug or what…
I am using Payflow Pro and the card is processed when the order is placed. My orders are set to “Processed” when the customer completes checkout. In the admin, “Processed” has the setting for “remove cc info” checkmarked. The “Completed” status also has “remove cc info” checkmarked. Yet, the cc info is stored with each order. If I manually click the “remove cc info” button, it goes to a screen that says “Processing Order #…” and then redirects back to the orders page. The CC info is still there. If I manually switch an order to “Completed” the cc info remains. There doesn’t seem to be any way to get rid of it. Is this happening to anyone else?
Also, were is this stored in the mysql database? I’d like to go delete it there in the mean time as I don’t feel comfortable with this information sitting on my server.
Hi Ogia, under order statuses:
/admin.php?dispatch=statuses.manage&type=O
you can check the “Remove CC info” checkbox to remove the CC# automatically when an order is successfully processed, you can also manually remove the CC# on the order details page.
That’s the problem… I already have the box checkmarked and it doesn’t remove the cc info. Also, when I do it manually from the order details, it redirects to a page that says it is processing the order and when it returns, the cc info is still there.
[quote name=‘ogia’]That’s the problem… I already have the box checkmarked and it doesn’t remove the cc info. Also, when I do it manually from the order details, it redirects to a page that says it is processing the order and when it returns, the cc info is still there.[/QUOTE]
wow that’s weird, let me check on a test installation and see if I get the same error, Thanks - Sno
I went in and checkmarked ‘remove cc info’ for the Open status and then customers started getting failed orders that said ‘invalid credit card number’. And the credit card info was STILL stored.
Where is this info in the mysql database? I’d like to get rid of it in the mean time and I can’t find it.
Okay - I think I’ve figured this out. I was confused because in my old cart, stored credit card numbers looked the same as so-called removed cc info in CS-Cart. I am pretty sure that the cart is not storing numbers unless the transaction fails.
I’m still wondering where this is in the mysql database if someone can help me out with that…
Anyone know where the credit card information is stored in the database? I’ve tried searching through the tables without any luck so far.
I don’t know what table off the top of my head, bu wherever it is it will be encrypted beyond recognition…
The credit card number is stored in encrypted form in the table order_data. Look for the record with type ‘P’ for the order you’re interested in.