How does Ubercart handle credit card info?

Posts: 61
Joined: 03/19/2008

A potential client asked the following today: "What type of security will customers have when they enter in their credit card numbers, PayPal account info, etc.?"

Does Ubercart actually store the credit card number somewhere? If so, how does it handle the security aspect? Does it vary based on the payment processor used, that is, ones that redirect and ones that don't (real-time gateways), etc.?

Posts: 5269
Joined: 08/07/2007
AdministratorHead Code Monkey - I eat bugs.

Please refer to the documentation here for an overview. If you have any further specific questions, I can try to answer. You might also just search for "PCI DSS" on the forums, though that might turn up a lot of development discussion, too.

Posts: 61
Joined: 03/19/2008

Thank you for the link :-)

Would this be a good summary of credit card data info handling in Ubercart to tell a non-technical person?

1.) Credit card numbers are stored in an encrypted form in the database
2.) They are encrypted by using an encryption key which is stored in a folder outside public_html
3.) Normally, orders do not store any credit card data except the last 4 numbers.
4.) For completed orders, they are typically stored for 3 days and then deleted
5.) Credit card numbers are masked by default, but users with the necessary permissions can view all the numbers.

On another note, since cc numbers are not stored, I presume Ubercart doesn't handle recurring payments?

Posts: 5269
Joined: 08/07/2007
AdministratorHead Code Monkey - I eat bugs.

Close... it looks like you're combining various properties of the debug mode with normal mode. In normal mode, 1 won't apply except for the split second it's in the customer's session between the checkout form and the review page load. For transmission and storage in form, it's always encrypted as in 2. 4 only applies for debug mode, since as you mention in 3 normal orders don't store data beyond the last 4 digits. 5 is correct.

I know it can be confusing, so thanks for taking the time to read and summarize things.

As for recurring fees, the module in Ubercart lets you attach these to products. It relies on a handler to set up the recurring fees with your payment gateway, but it also provides a default handler that will store encrypted CC data for processing the fees. This default handler is pretty limited, though, and not recommended for serious large-scale use.
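
A check a site administrator could run for point 2 of the summary in this thread (the encryption key folder sits outside public_html), as an added example that is not part of the thread or of Ubercart's code. The function names, exit codes and sample paths are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Ubercart code). Audits a card-encryption key directory.
# Exit codes are this example's own convention:
#   0 = ok, 1 = directory missing, 2 = inside the web root, 3 = permissions too open

resolve_dir() {
    # Physical path with symlinks resolved; fails if the directory is absent.
    ( cd "$1" 2>/dev/null && pwd -P )
}

check_key_dir() {
    key_dir=$1
    web_root=$2

    key_real=$(resolve_dir "$key_dir") || { echo "FAIL: $key_dir not found"; return 1; }
    root_real=$(resolve_dir "$web_root") || { echo "FAIL: $web_root not found"; return 1; }

    # Compare with trailing slashes so /var/www/public_html_keys is not
    # mistaken for a child of /var/www/public_html.
    case "$key_real/" in
        "$root_real/"*)
            echo "FAIL: $key_real is served from $root_real"
            return 2 ;;
    esac

    # Any read/write/execute bit for "other" on the directory or its files
    # lets unrelated local accounts reach the key.
    open=$(find "$key_real" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$open" ]; then
        echo "FAIL: accessible to other users:"
        echo "$open"
        return 3
    fi

    echo "OK: $key_real is outside $root_real and closed to other users"
    return 0
}

# Usage (constructed paths): sh check_key_dir.sh /home/example/keys /home/example/public_html
if [ "$#" -eq 2 ]; then
    check_key_dir "$1" "$2"
fi
```

Because both paths are resolved before comparison, a symlink that points back into the web root is reported as inside it.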

Posts: 61
Joined: 03/19/2008

Thank you :-)

I still have some questions, but I think this is good enough for the client for now.