> Has there been any integration of credit card CCV numbers into IC or
> should I just save it as a normal field in the orders database?
Some of the payment gateway modules support it, and others don't. I've
used it with Verisign. To find out which others (more or less):
grep -rl CVV2 lib/Vend/Payment
However, a big warning: Do not ever save the number unencrypted to disk.
In fact, you're not supposed to save it to disk at all, even encrypted,
according to most credit card company contracts. Some I've read say they
will cancel your account immediately if they find out you've saved the
CVV2 number, even if encrypted.
The only way it's supposed to be used is passed in real-time from the user
to the payment gateway, which returns a code saying whether it matched or
not. But you're really not supposed to save it for future use, even for
the sale in question.
Jon
I should have given more information on how I'm processing cards. I use the standard IC facilities to encrypt the CC info via GPG and have it emailed to me, then I process it via a virtual terminal. I was wondering if the CVV info had been incorporated into that encrypted block along with the account number and expiration date. The reason for all of this is PayPal's virtual terminal requires the CVV info so I need to start collecting it right away. - Grant _______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.