[left][font=verdana,geneva,sans-serif]When a customer buys something from my store, it automatically sends a confirmation email that shows the user’s full credit card number in plain text. It also shows the expiration date and CVV2 number. [/font][/left]
[left][font=verdana, geneva, sans-serif]This is very bad. [/font][/left]
[left][font=verdana, geneva, sans-serif]All of the other status changes send emails to the customer with the numbers obscured.[/font][/left]
[left][font=verdana, geneva, sans-serif]Why is the initial confirmation email showing their credit card numbers? I’ve gotten complaints from customers that will never shop with us again![/font][/left]
[left][font=verdana, geneva, sans-serif]-Matt [/font][/left]
The CC is encrypted in database, and can only be viewed as admin via the web interface.
You better check for misconfiguration or hacking?
You must have a modification that is showing the wrong order_info field… Normally only the last 4 are shown on anything other than an admin view within the store. I don't believe ANY of the invoices are designed to show the cc number when printed or shown outside the admin view.