Credit card data storage


https://forum.kartris.com/Topic2679.aspx
Print Topic | Close Window

By randyfriend - Wed 18 Dec 2013
Looking at the tblKartrisUsers table, there is a field labeled U_Card_SecurityNumber. Is this the 3 or 4 digit PIN for credit cards? If so, this should never be stored in any database and with most providers a security violation if it is stored.

Can you verify this data and give me details on any additional data stored in the database which pertain to payments? I don't want to use/suggest a cart to anyone if it is going to violate security practices and/or PCI-DSS mandates.
By Mart - Wed 18 Dec 2013
In original versions of Kartris we supported storage of credit card details (that would require PCI compliance at a high level), even though we recommended against this because of the risks involved.

We have not supported this since early versions of Kartris - we now only support third party payment gateways and credit card numbers are never stored in Kartris.

The field you see is most likely a legacy one.
By randyfriend - Wed 18 Dec 2013
Thank you very much for the prompt response and information. This is very good news.