Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Page 2 of 4
Storing CVV information for manual credit card payment
 
TolputtKeeton
Member
 
Total Posts:  54
Joined:  2008-09-28
 

So is there a way to add a link in the order notification email to the order details and billing details on a secure page so that we cna process the payment then click a button to delete the details?

 
Magento Community Magento Community
Magento Community
Magento Community
 
gfawce1
Member
 
Total Posts:  31
Joined:  2008-11-15
 

send cvv cvv2 code e-mail email transactional e-mail

There is a way in which you can send the cvv2 code in the new order e-mail that can be cc’d to the store owner set in the system > config settings.

This ensures that if you’re using offline payments you can safely store the encrypted credit card number without having to store the CVV2 code. It IS against PCI regulations to store the CVV2 code after the authorisation. To “store” the CVV2 code includes storing it in a database or any other way including in an e-mail or even if you just happen to write it down! So, the store owner is duty bound to delete the e-mail with the CVV2 code once the transaction has been processed.

To add the CVV2 code to the order e-mail go to /app/design/frontend/your_interface/your_theme/template/payment/info/ccsave.phtml

Replace:

<?php echo $this->__('Name on the Card: %s'$this->htmlEscape($this->getInfo()->getCcOwner())) ?><br />
<?php echo $this->__('Credit Card Type: %s'$this->htmlEscape($this->getCcTypeName())) ?><br />
<?php echo $this->__('Credit Card Number: xxxx-%s'$this->htmlEscape($this->getInfo()->getCcLast4())) ?><br />
<?php echo $this->__('Expiration Date: %s/%s'$this->htmlEscape($this->getCcExpMonth()), $this->htmlEscape($this->getInfo()->getCcExpYear())) ?>

with:

<?php echo $this->__('Name on the Card: %s'$this->htmlEscape($this->getInfo()->getCcOwner())) ?><br />
<?php echo $this->__('Credit Card Type: %s'$this->htmlEscape($this->getCcTypeName())) ?><br />
<?php echo $this->__('Credit Card Number: xxxx-%s'$this->htmlEscape($this->getInfo()->getCcLast4())) ?><br />
<?php echo $this->__('CCV2: %s'$this->htmlEscape($this->getInfo()->getCcCid())) ?><br />
<?php echo $this->__('Expiration Date: %s/%s'$this->htmlEscape($this->getCcExpMonth()), $this->htmlEscape($this->getInfo()->getCcExpYear())) ?>

Notice the addition of this line which adds in the CCV2 code. When a new order is created, you should see the the CCV2 code appear in the new order e-mail under payment menthod.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Bruno Morejon
Sr. Member
 
Avatar
Total Posts:  83
Joined:  2009-06-05
 

gfawce1,

Will this code send the email with all credit card information or only the CVV number ?

 
Magento Community Magento Community
Magento Community
Magento Community
 
gfawce1
Member
 
Total Posts:  31
Joined:  2008-11-15
 

No, will only send you the CVV2 code. Make sure that in system > config you are down as an e-mail contact for new orders, otherwise only your customer will receive the e-mail and not you.

Storing the CVV2 code in this way is against PCI protocol. We informed our client of this and they still insisted that the site operate in this manner so we had them sign a waiver that they understood that storing the CVV2 code for offline processing, even if a transaction fails the first time round, isn’t compliant.

Hope that helps!

 
Magento Community Magento Community
Magento Community
Magento Community
 
Bruno Morejon
Sr. Member
 
Avatar
Total Posts:  83
Joined:  2009-06-05
 
colin008 - 27 January 2009 08:45 AM

Phillip, check out…
http://magentowebdev.blogspot.com/2009/01/part-4-script-package-with-caveats.html

It works very well in 1.2.0.?

How can I automatically replace the tables name with the prefix magento_ ?

 
Magento Community Magento Community
Magento Community
Magento Community
 
Bruno Morejon
Sr. Member
 
Avatar
Total Posts:  83
Joined:  2009-06-05
 

I tryed this but its not showing the CVV number in the Admin Panel.

Did someone already figure it out ?

 
Magento Community Magento Community
Magento Community
Magento Community
 
captgoodhope
Jr. Member
 
Total Posts:  1
Joined:  2008-11-30
 

gfawce1, do you know of a way to prevent the cvv from being sent to the customer?

 
Magento Community Magento Community
Magento Community
Magento Community
 
cs176
Jr. Member
 
Total Posts:  2
Joined:  2009-09-03
 

Hi

I’m going to jump in with my first post here. We’ve been looking at Magento for a client and it looks good, however they too want to collect credit card details for manual processing. They need the CVV code, the house number and the numbers from the postcode (as well as the credit card details).

From what I understand it is possible to setup Magento to collect this information, and then email the CVV code as part of the confirmation to the store owner? Does that email also go to the customer - surely they won’t be happy to see their CVV code being emailed around?

Is there a definitive solution to this problem?

Thanks!

 
Magento Community Magento Community
Magento Community
Magento Community
 
amweigh
Jr. Member
 
Total Posts:  10
Joined:  2009-04-08
 

I too am looking for an answer to this question. We manually process the credit cards to screen out possible fraudulent orders by hand. To do this we need to be able to have the CVV. We delete them afterwards as the credit card companies require.

The solution to have it email the CVV to the customer and the admin is silly. Is there not a fix to email the admin one email, and the customer another? That way the CVV is blocked out in the customers email, and retained in the email to the admin.

 
Magento Community Magento Community
Magento Community
Magento Community
 
steward
Member
 
Total Posts:  35
Joined:  2009-06-03
 
Sunlust - 25 November 2008 01:51 AM

I got it to show from the admin settings…

How please?

We do not care about storing it.
But we cannot authorize without it (psigate).

Ah. Set “Credit Card Verification” to yes in “Credit Card (saved)”.
Okay, so the psigate module does not support it.
How sad…

 
Magento Community Magento Community
Magento Community
Magento Community
 
tomson84
Jr. Member
 
Total Posts:  1
Joined:  2010-02-27
 

Hi,
Can anyone please share step by step procedure to do this?

Thanks

 
Magento Community Magento Community
Magento Community
Magento Community
 
neillo
Jr. Member
 
Total Posts:  3
Joined:  2010-02-05
 

The solution posted by gfawce1 above in adding to CCsave.phtml does not apply for 1.4.0.1 this information does not exist in the mentioned file (but is in 1.3.x.x) just to save you the time if you are on 1.4.

 
Magento Community Magento Community
Magento Community
Magento Community
 
neillo
Jr. Member
 
Total Posts:  3
Joined:  2010-02-05
 

Be very careful following clicking links from posts on this topic, I picked up ‘Total XP Security’ Malware last Thursday after clicking an external CVV discussion link from another post on this subject in this forum. The bad link was not directly on this forum I must add, it was external. The vitriol flying about on this subject is a little surprising.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Bruno Morejon
Sr. Member
 
Avatar
Total Posts:  83
Joined:  2009-06-05
 

Did someone try this?

http://magentowebdev.blogspot.com/2009/06/script-package-magento-v-1321-updated.html

Does it work with 1.4?

 
Magento Community Magento Community
Magento Community
Magento Community
 
kurtssmith
Jr. Member
 
Total Posts:  17
Joined:  2009-10-23
 

So here is the deal.  Not sure why I am not getting any hits on this question.  But I am trying to remove CC data in my database as a result of allowing the CC Save method type in Checkout.  Now I thought the place that it was stored was the sales_flat_quote_payment table but even after blanking out the cc_number_enc and the cc_cid_enc fields, credit card numbers and cvv numbers would still show up under the Admin Sales Order Control Panel.  So could they be stored somewhere else?

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top
Page 2 of 4