Welcome to Vortx Community Forum, where you can ask questions and receive answers from the staff at Vortx and other members of the community.

If you had a user account on our previous forums website, you will need to register a new account here.

Learn more about...

AspDotNetStorefront
DotFeed

viewing credit card numbers in admin

i have StoreCCInDB set to true and AdminCanViewCC set to true for a customer's order but when i view their order in the admin it says credit card is "Not Stored".

i also looked in the database at this order and i can see that the cardnumber field is NULL   when i look at a different order where the card number is stored, i see that the cardnumber field is filled in (its encrypted, but it is filled in).

another weird thing.....for this order, i am pretty sure that the cardnumber field was filled in about an hour ago and then when i looked in the database again just now it is now NULL.  so it seems that for some reason the cardnumber got deleted.

has anyone else experienced anything like this?  any idea why the cardnumber field is getting deleted?
asked Dec 2, 2013 in MultiStore by jkeough78 (185 points)
edited Dec 2, 2013 by Vortx ScottS
i actually just found out that when i click the "reset cache" button in the admin, the cardnumber field gets deleted and set to NULL.  is that supposed to happen?

2 Answers

0 votes

Under your admin account do you have Can View Credit Card checked?

answered Dec 3, 2013 by Skriver (2,345 points)
0 votes

If you have the AppConfig StoreCCInDb set to 'true' and your admin login has 'Can View Credit Card Numbers' then you would have encrypted credit cards being stored on both the customer address record and the order, and the number would be viewable in the Billing section of the order.

There is a stored procedure in the database called aspdnsf_PABPEraseCCInfo that will clear credit card numbers, but it does not get called by the reset cache in the admin (in 9.4).  But if somehow this is getting called on your site, be it on reset cache or not, you're going to lose those numbers.

You could modify the stored procedure to only clear those numbers on orders where they have been shipped.  Modify the two lines in aspdnsf_PABPEraseCCInfo as follows.

Change

update dbo.orders set CardNumber='1111111111111111' where CardNumber is not null
update dbo.orders set CardNumber=NULL where CardNumber is not null
 
to
 
update dbo.orders set CardNumber='1111111111111111' where CardNumber is not null and ShippedOn is not null
update dbo.orders set CardNumber=NULL where CardNumber is not null and ShippedOn is not null
 
Not knowing the exact version of AspDotNetStorefront you're on, I'm reticent to post an ALTER PROC script.
 
Also, I'd be reticent if I didn't say that storing credit card numbers is highly discouraged.
 
answered Dec 3, 2013 by Vortx Joe (550 points)
...