|
By randyfriend - Wed 18 Dec 2013
|
Looking at the tblKartrisUsers table, there is a field labeled U_Card_SecurityNumber. Is this the 3 or 4 digit PIN for credit cards? If so, this should never be stored in any database and with most providers a security violation if it is stored.
Can you verify this data and give me details on any additional data stored in the database which pertain to payments? I don't want to use/suggest a cart to anyone if it is going to violate security practices and/or PCI-DSS mandates.
|
|
By Mart - Wed 18 Dec 2013
|
In original versions of Kartris we supported storage of credit card details (that would require PCI compliance at a high level), even though we recommended against this because of the risks involved.
We have not supported this since early versions of Kartris - we now only support third party payment gateways and credit card numbers are never stored in Kartris.
The field you see is most likely a legacy one.
|
|
By randyfriend - Wed 18 Dec 2013
|
|
Thank you very much for the prompt response and information. This is very good news.
|