When declined, entire credit card number is still stored.

Project: Ubercart
Category: bug report
Priority: normal
Status: active

I have several orders that have been declined, and still appear as in_checkout.

These orders, when looking in uc_payment_credit table, all have the full, entire card number listed, even though I have it set to not store the entire number at checkout. I know these get flushed out during Cron, but should they even be stored before the charge is successful?

CC# Being stored

The customer checkout form stores the CC number in the uc_payment_credit table so it can be reviewed at the Review Order page. I'm assuming this is safer than placing that information in the $_SESSION var.

When the customer clicks "Submit Order", this is when the payment gateway is called and the $order var is created, which pulls the CC information from the DB. Upon a successful transaction, the CC number can be truncated in the DB so you only keep the last 4 digits and exp date per Admin settings. Upon an unsuccessful transaction (i.e. 'Declined'), the customer is sent back to the Review Order page.

The CC number is stored in the DB so the customer does not have to reenter it every time something goes wrong in that transaction. Should the customer then decide to leave the store without fulfilling the order, they have essentially left the credit card there until our CRON can come by and "cut it up."

I understand why this is, but I am not a fan of keeping any CC number on file, no matter how long. I would love to get the perspective of one of the Uberdudes on this.

Is there a way we can ensure that the CC number is removed from the DB when the session ends or even securely keep that information in a session or passed through a form so it essentially "disappears" when the customer leaves if we don't want to store it?

Chris

Re: CC# Being stored

I have a couple threads bookmarked to revisit related to CC number security... tP's passed on some stuff for CC number encryption that I hope to review and apply. I still need to review the line item API before I move on to the encryption things.

That said, looking at uc_credit_cron() leads me to believe that CC details will be wiped on a cron run based on your anonymous cart duration settings. Perhaps it should just be hardcoded to wipe details after an hour.

Re: Re: CC# Being stored

Cool, I hope you can use them. (I can empathize with your ever-growing pile of Stuff To Do).

One thought I had (and as Chris alluded to) was, when a card is declined, just don't hold it in the form or in the $order object. I understand that's probably somewhat of a major workflow change (but I could be wrong). But I think a cc number should be kept and stored in the db only upon success.

(This is how a lot of other online merchants do it - when the numbers don't match they just blank out the form and tell you to try again..)
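
One way to do what this post proposes, as an added example rather than Ubercart code: truncate the stored number after every gateway response, declined or approved, and let cron enforce a fixed one-hour window for abandoned checkouts. The table name comes from the thread; the column names, function names and the in-memory SQLite database are assumptions.

```php
<?php
// Added example, not Ubercart code. The table name is from the thread; the
// column names (order_id, cc_number, created) and function names are assumed.

// Keep only the last four digits, the form retained after a successful charge.
function truncate_pan(string $pan): string {
  return substr((string) preg_replace('/\D/', '', $pan), -4);
}

// Call after every gateway response, approved or declined, so the full
// number does not outlive the request that used it.
function scrub_after_gateway(PDO $db, int $order_id): void {
  $sel = $db->prepare('SELECT cc_number FROM uc_payment_credit WHERE order_id = ?');
  $sel->execute([$order_id]);
  $pan = $sel->fetchColumn();
  if ($pan === false || $pan === null) {
    return; // nothing stored for this order
  }
  $upd = $db->prepare('UPDATE uc_payment_credit SET cc_number = ? WHERE order_id = ?');
  $upd->execute([truncate_pan((string) $pan), $order_id]);
}

// Cron backstop with a fixed window (one hour, as suggested in the thread)
// for rows left by customers who never pressed "Submit Order".
function purge_stale(PDO $db, int $now, int $max_age = 3600): int {
  $upd = $db->prepare(
    'UPDATE uc_payment_credit SET cc_number = substr(cc_number, -4)
     WHERE created < ? AND length(cc_number) > 4'
  );
  $upd->execute([$now - $max_age]);
  return $upd->rowCount();
}

// Constructed demo data; 4111111111111111 is a widely used test card number.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE uc_payment_credit (order_id INTEGER PRIMARY KEY, cc_number TEXT, created INTEGER)');
$now = time();
$ins = $db->prepare('INSERT INTO uc_payment_credit VALUES (?, ?, ?)');
$ins->execute([1, '4111111111111111', $now]);        // declined just now
$ins->execute([2, '4111111111111111', $now - 7200]); // abandoned two hours ago

scrub_after_gateway($db, 1);
$purged = purge_stale($db, $now);
foreach ($db->query('SELECT order_id, cc_number FROM uc_payment_credit') as $row) {
  echo $row['order_id'], ': ', $row['cc_number'], "\n";
}
echo "rows truncated by cron: $purged\n";
```

With the scrub on decline, the customer has to re-enter the card after a failed attempt, which is the workflow change the post describes.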

PCI Compliant

This actually is a critical flaw as most of us, if not all, are required to be PCI compliant. In the self-assessment questionnaire (http://www.usa.visa.com/merchants/risk_management/cisp_merchants.html?it=c|/merchants/risk_management/index.html|Merchants), 3.5 states the following - Are account numbers (in databases, logs, files, backup media, etc.) stored securely - for example, by means of encryption or truncation?

Please note, I am new to Ubercart and just started looking into it. I am a developer and like to help, but not sure where to start yet.