Magento

hi,

Did anyone manage to figure out a way to store the CVV number?
I got it to show from the admin settings but it’s not storing the data in the order page in my shop.
We need to store this number to process the card manually.

Does anyone know of any tips/info on how to do this?

Hi, did yo have any luck with this? I could do with knowingg too

Capturing / Storing the CVV number is highly illegal under the PCI DSS.

It is against credit card policy to EVER store the CVV CVS numbers of any credit card.  That is the purpose of that number to help against fraud in case database with credit card number gets hacked - they do not have the CVV number.

As far as I am aware this is not illegal within the UK and regardless it is a major requirement can some1 please advise me on how to store CVV numbers for a matter of minutes encrypted otherwise we have to scrap Euro payments and subsequently Magento.

Please help and please, please, please don’t start posting about the legality of this I just need to know how to do it.

Thanks for your help in advance,

Phillip Hughes

Phillip, check out…
http://magentowebdev.blogspot.com/2009/01/part-4-script-package-with-caveats.html

It works very well in 1.2.0.?

Hi there

I’m keen to know about it too please.

That link doesn’t work for me Colin. Do you have any more information about it?

Thanks in advance.
JWB

Paddle74 is right. Storing CVV2 numbers is definitely not allowed by the card companies.

See https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml and in particular the PDF doc at https://www.pcisecuritystandards.org/pdfs/pci_pa_dss.pdf

Shaun if you read those documents to which you refer, you’ll find that the cvv2 (and other) numbers should not be stored AFTER AUTHORISATION.

Both the original poster and I need a method to securely present the number at the processing stage, AFTER WHICH those best practices say that it should not be stored.

Thanks

So let’s move on about if it’s legal or not. Fact is that a lot of people need to have the CVV displaying in the backend. It involves personal responsability to keep it or delete it, period. Stop playing police.

If anybody could give a solution to this matter, it would be much appreciated.
I guess the best way would be to get the CVV to display in the order page with the payment info.

Thanks in advance.

Would any of those present be prepared to chip in to pay for such a system?

What I’m thinking of is a that the code is stored encrypted waiting for use in authorisation. Then a link is present in the order email that comes in for processing. That link opens an ssl encrypted browser window where the viewer can see all data and then the viewer will click the link to signal authorisation complete. At that point the system will delete the code from the system, and move on to any other orders present, until everything is up to date.

This complies with all the documentation I’ve read, and is taking good care to ensure that client data security is not compromised.

Anyone who wants to chip in, let me know.
Thanks.

jwb - 22 April 2009 07:15 PM

Then a link is present in the order email that comes in for processing.

Stop it right there! Does Magento actually sends emails to the admins for processing? I can’t seem to find that setting.

It sends order emails. You can customise them to put in what you want.

Was an answer ever found to this?

I have the CVV code stored to the database in encrypted form but cannot get it to display in the admin when viewing an order.

Hi

We’re going to do this as part of our current project but haven’t got to that stage as yet.

Tkx

I also need this method, has anyone figured it out and willing to share the knowledge??

Will this enable me to capture all the relevant details so that i can manually process orders then delete any illegal info????

I have the CVV code being stored in the database but cannot figure out the proper call to get the data to display on the template.