Magento Forum

   
PayPal Billing Agreement: is the data encrypted on the server?
 
fixxi1
Jr. Member
 
Total Posts:  13
Joined:  2011-12-16
 

I spoke to PayPal and they told me that with the Magento/PayPal billing agreement, credit card data is stored locally on the server.

Can someone comment on how this data is stored? Is it encrypted? Can developers who have access to the server file system read this credit card data?

This is a security concern.

 
 
MagenX
Enthusiast
 
Total Posts:  791
Joined:  2008-05-26
Dublin
 

http://www.magentocommerce.com/knowledge-base/entry/setting-up-billing-agreements-through-paypal

 
 
fixxi1
Jr. Member
 
Total Posts:  13
Joined:  2011-12-16
 

Thanks, the article still doesn't say how/where credit card data is stored on the server, whether it is encrypted, etc.

 
 
MagenX
Enthusiast
 
Total Posts:  791
Joined:  2008-05-26
Dublin
 

1. Customer signs up on your website and subscribes to your services.
2. Customer completes their purchase by selecting a payment method that they wish to use. They select PayPal.
3. You initiate the creation of a billing agreement with PayPal, then redirect the end customer to PayPal's site to accept the billing agreement. Once the billing agreement is accepted, the customer is directed back to your website to complete the purchase.
4. The customer's acceptance of the billing agreement creates a billing agreement ID (BAID) that gets stored in Magento as a payment method.
5. The BAID can be used to process payments for the current order and future orders. You can submit a payment through Magento to charge the customer's PayPal account for the initial payment on that customer's subscription.
6. Next month (or on the next billing day), you can charge the customer for their next recurring subscription fee using the stored BAID in their Magento customer account, without the customer having to log into PayPal again.

So technically you have only the BAID stored in your DB; then you make a call to PayPal with this BAID, and PayPal checks all data and funds available and acts accordingly.
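One way a store operator could check the point made above, that only billing agreement IDs and no card numbers sit in the stored payment records. This is an added example, not part of the original post and not Magento or PayPal code; the column names, the constructed sample rows and the BAID pattern (`B-` plus 17 uppercase alphanumerics) are assumptions.

```python
import re

# Assumed BAID shape: "B-" followed by 17 uppercase alphanumerics.
BAID_RE = re.compile(r"^B-[0-9A-Z]{17}$")
# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text):
    """Return masked card-number candidates (first 6, last 4) found in text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def audit(rows):
    """Flag card numbers in any column and non-BAID values in reference_id."""
    findings = []
    for row in rows:
        for col, val in row.items():
            if col == "id":
                continue
            text = str(val or "")
            for masked in find_pans(text):
                findings.append((row["id"], col, "PAN " + masked))
            if col == "reference_id" and not BAID_RE.match(text):
                findings.append((row["id"], col, "not a BAID"))
    return findings

# Constructed sample rows; hypothetical columns, test card number only.
SAMPLE_ROWS = [
    {"id": 1, "reference_id": "B-1AB23456CD7890123", "note": "agreement accepted"},
    {"id": 2, "reference_id": "B-9ZY87654XW3210987", "note": "card 4111 1111 1111 1111 given by phone"},
    {"id": 3, "reference_id": "4111111111111111", "note": ""},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```

Row 1 is the expected state (a token only); rows 2 and 3 show the two ways card data can still end up on the server, in a free-text field or in place of the token.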

 
 
Brynnae
Member
 
Total Posts:  36
Joined:  2012-04-17
California
 

As far as I know, all the data is secured one way or another. Data is secured by Secure Sockets Layer (SSL), because this is crucial data and must be in encrypted form. If it is not, then there is a risk involved, so I think that, being a reputed company, PayPal must be using a secure database to store it, though it is a local server.

 