Is displaying a user's credit card number back to them on the order confirmation page secure?

1 reply [Last post]

Thu, 09/03/2009 - 19:58

Offline

Joined: 02/18/2009

Juice: 92

When using ubercart with an ssk cert, secure pages and a payment processor like authorize.net and the credit card payment option, the user's credit card number, and cvv, and address are all displayed back to the user on the "order confirmation" page.

Is that safe and secure?

Sat, 09/05/2009 - 10:35

#1 View page

TechnoBuddhist

Offline

Joined: 09/01/2009

Juice: 9

Re: Is displaying a user's credit card number back to them on th

I *believe* that as long as the connection is via https then the page is encrypted and so should be safe from snooping on the way to the client browser.

You'd have to be careful though about caching on the browser! I don't know if https pages are cached or not by browsers, and there is always scope for browsers to change or users to change the preferences. If it's on a shared/public computer then it's a recipe for disaster.

Thinking about all the transactions I've done online, I've never seen my card details returned in full(and never in an email), probably for the caching issue.

IMHO, it's NOT safe.

Ubercart

Navigation

User login