Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Showing Credit Card Info in Customer Emails Rate Topic   - - - - -

 
  • plinkplink
  • Member
  • Members
  • Join Date: 25-Apr 10
  • 156 posts

Posted 05 April 2012 - 11:12 PM #1

When a customer buys something from my store, it automatically sends a confirmation email that shows the user's full credit card number in plain text. It also shows the expiration date and CVV2 number.


This is very bad.


All of the other status changes send emails to the customer with the numbers obscured.


Why is the initial confirmation email showing their credit card numbers? I've gotten complaints from customers that will never shop with us again!


-Matt


My site: 3-Ring Binders and Organization at UniKeep.com.

 
  • kogi
  • Senior Member
  • Members
  • Join Date: 16-Aug 07
  • 617 posts

Posted 06 April 2012 - 03:07 AM #2

The CC is encrypted in database, and can only be viewed as admin via the web interface.

You better check for misconfiguration or hacking?

Attached Thumbnails

  • Capture.PNG

find / -type f -name '*.base' -exec chown kogi.kogi {} \;

 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11383 posts

Posted 07 April 2012 - 07:30 PM #3

You must have a modification that is showing the wrong order_info field.... Normally only the last 4 are shown on anything other than an admin view within the store. I don't believe ANY of the invoices are designed to show the cc number when printed or shown outside the admin view.

EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.