Payment Account Data Storage - Turn Off

For general questions and discussions specific to the AbleCommerce 7.0 Asp.Net product.
Post Reply
DonAshby
Commander (CMDR)
Commander (CMDR)
Posts: 172
Joined: Mon Oct 15, 2007 2:53 pm
Location: Palo Alto, CA
Contact:

Payment Account Data Storage - Turn Off

Post by DonAshby » Wed May 14, 2008 4:24 pm

Hi Everyone,

Does anyone know how to set the Dashboard to NOT save Credit Cards in the Payments section. We are using PayFlow Pro and it is staying there. If we turn it all off, will it still work and capture allowing us to charge them a few days later once we ship?

We set the days to save at 0 but we did check Enable Credit Card Storage .... not sure what this mean. ? Are these conflicting statments? Can someone clarify this?

Thanks, Don :)

*******************************
Payment Account Data Storage
Settings saved.

After a payment is successfuly processed, how many days would you like to retain associated account details (e.g. credit card numbers)? The most secure option is to not save (0), but you may need to retain the details for post order processing. Days to Save: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
When credit card storage is enabled, encrypted card data is saved in the database according to setting above. If you choose not to enable storage of account data, credit card numbers will never be saved to the database under any circumstance. Enable Credit Card Storage:

User avatar
AbleMods
Master Yoda
Master Yoda
Posts: 5170
Joined: Wed Sep 26, 2007 5:47 am
Location: Fort Myers, Florida USA

Re: Payment Account Data Storage - Turn Off

Post by AbleMods » Thu May 15, 2008 7:32 am

Don, yes they are conflicting statements. Personally, if the enable checkbox isn't checked, the "days to store" dropdown shouldn't even be available to the admin user.

Remember that the credit card storage feature only applies once the payment has been successfully processed. So until the payment has been processed i.e. Captured, voided, refunded etc the information will still be stored.

To ensure maximum security with credit card information, set the Days to Store... to "0" and uncheck the Enable Credit Card Storage checkbox. The system will still store CC info long enough for you to capture the payment or void the authorization - there's no avoiding that. But once you've successfully accomplished either of those actions, the CC info will be removed from the system.

Originally I thought I needed to keep it 30 days or so to accomodate refunds, partial refunds etc. But that isn't the case - the system can use transaction IDs to accomplish this, or you can just log into whichever gateway merchant account you have and issue the refund from there.
Joe Payne
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com

DonAshby
Commander (CMDR)
Commander (CMDR)
Posts: 172
Joined: Mon Oct 15, 2007 2:53 pm
Location: Palo Alto, CA
Contact:

Re: Payment Account Data Storage - Turn Off

Post by DonAshby » Thu May 15, 2008 10:06 am

Hi Joe,

Thanks for the info. It seemed clear the first time when I set it to 0 but left the box checked... But then I see these old CCs in the dashboard ( not good ). Is there an easy way to purge them? I guess we can just go into the database and do it.

I just wanted to make sure that unchecking would still let me capture today, settle in 3 days and refund later. But I guess the refund wont work as you said that once you capture, the card info goes away from the dash but you can still settle with the connections to PayFlow Pro for CCs.

Don

User avatar
AbleMods
Master Yoda
Master Yoda
Posts: 5170
Joined: Wed Sep 26, 2007 5:47 am
Location: Fort Myers, Florida USA

Re: Payment Account Data Storage - Turn Off

Post by AbleMods » Thu May 15, 2008 10:13 am

Check with Able, but I think there's a purge process that runs on a specific schedule. My thinking is once you turn it "off", eventually they'll get purged and the system will 'catch up' to the new setting you specified.
Joe Payne
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com

DonAshby
Commander (CMDR)
Commander (CMDR)
Posts: 172
Joined: Mon Oct 15, 2007 2:53 pm
Location: Palo Alto, CA
Contact:

Re: Payment Account Data Storage - Turn Off

Post by DonAshby » Thu May 15, 2008 11:30 am

Ok Thanks Joe,

Can someone at Able answer this? Will they purge over time? And can we do returns via the dashboard if it is turned off?

If it is turned off, does it delete the record RIGHT after it gets PayFlow Pro Approval?

Recommendations?

Don :?:

User avatar
Logan Rhodehamel
Developer
Developer
Posts: 4116
Joined: Wed Dec 10, 2003 5:26 pm

Re: Payment Account Data Storage - Turn Off

Post by Logan Rhodehamel » Thu May 15, 2008 11:58 am

This is covered in the PCI guide.

If you have a payment processor in place, the most secure setting is to uncheck "Enable Credit Card Storage". When this is not checked, data is NEVER written to disk (database). The card data is collected from the customer at checkout time and is only held in memory for purposes of sending to the payment gateway.

In this scenario, if the payment goes through successfully, you will be able to do all post-order processing from within the Admin console. If the payment does not go through successfully, you will be able to see why but the card data will not be present.

If you enable credit card storage, that is when the days to save comes into play. Joe is right, we should not show this dropdown when card storage is disabled. This is the number of days the card data is retained after a payment is placed into a completed stage (captured, voided).

Personally, if it were me, I'd turn off card storage and install the patch I produced to help customers solve failed payments. There's not a great reason to save card data - none of the modern processors require the number post-auth. Only one of them that we support requires the whole card number for refunds.
Cheers,
Logan
Image.com

If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.

User avatar
AbleMods
Master Yoda
Master Yoda
Posts: 5170
Joined: Wed Sep 26, 2007 5:47 am
Location: Fort Myers, Florida USA

Re: Payment Account Data Storage - Turn Off

Post by AbleMods » Thu May 15, 2008 12:36 pm

Logan Rhodehamel wrote:Personally, if it were me, I'd turn off card storage and install the patch I produced to help customers solve failed payments...
That's the direction I'm heading now. The only really solid reason for me holding onto card info was to save customer hassle when calling about problem payments. Others may want to hold onto it for post-order stuff, but not me.

If the customer can have the opportunity to fix the problem themselves, my need for post-order CC info disappears entirely.
Joe Payne
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com

User avatar
Logan Rhodehamel
Developer
Developer
Posts: 4116
Joined: Wed Dec 10, 2003 5:26 pm

Re: Payment Account Data Storage - Turn Off

Post by Logan Rhodehamel » Thu May 15, 2008 1:08 pm

I have moved and stickied this post. It really didn't belong in "feature requests". This is the card validation patch mentioned.

viewtopic.php?f=42&t=6857
Cheers,
Logan
Image.com

If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.

Post Reply