If you provide a log file name in the AUTHORIZENET_LOG_FILE, the log file will dutifully store the XML sent to Authorize.net, including the credit card number and the CVV value. If you're trying to adhere to PCI compliance rules, this is a violation, and a pretty egregious one at that since the data are stored unencrypted in the clear. It also violates the credit card vendors' rules against ever storing the CVV in any way.
My suggestion would be to obfuscate the card number with Xs and reveal only the last four digits of the card number. I would also obfuscate the entire CVV with Xs. A fancy version would make this an optional switch that is on by default, meaning I, the developer, have to set a flag explicitly to store these values in the clear.
Thanks,
Steve
sstringer changed the title from "Full CC and PII info are stored in the log file" to "Full CC Number and CVV info are stored in the log file" on Jun 19, 2014
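The masking suggested in the issue could look like the following. This is an added example, not part of the original issue and not the SDK's own code. It is written in PHP on the assumption that the log is produced by the PHP SDK; the element names `cardNumber` and `cardCode` and the helpers `mask_payment_xml` and `log_request` are assumptions made for illustration.

```php
<?php
// Added example, not the SDK's code. The element names cardNumber and cardCode
// are assumptions; adjust them to the fields your request XML carries.

// Mask payment data in a request body before it is logged. Masking is on by
// default; storing the raw values requires passing false explicitly.
function mask_payment_xml(string $xml, bool $mask = true): string
{
    if (!$mask) {
        return $xml;
    }
    // Card number: X out everything except the last four digits.
    $out = preg_replace_callback(
        '~(<cardNumber\b[^>]*>)(.*?)(</cardNumber\s*>)~is',
        function (array $m): string {
            $digits = preg_replace('/\D/', '', $m[2]); // drop spaces and dashes
            $len = strlen($digits);
            $masked = $len > 4
                ? str_repeat('X', $len - 4) . substr($digits, -4)
                : str_repeat('X', $len);               // too short: show nothing
            return $m[1] . $masked . $m[3];
        },
        $xml
    );
    // CVV: keep none of it. Fixed width, so the log does not reveal its length.
    if ($out !== null) {
        $out = preg_replace('~(<cardCode\b[^>]*>).*?(</cardCode\s*>)~is', '${1}XXX${2}', $out);
    }
    // Fail closed: if the regex engine errors out, log a marker, never the raw body.
    return $out ?? '[request not logged: masking failed]';
}

// Hypothetical helper: append the masked request to the log file.
function log_request(string $file, string $xml, bool $mask = true): void
{
    file_put_contents($file, mask_payment_xml($xml, $mask) . PHP_EOL, FILE_APPEND | LOCK_EX);
}

// Constructed sample request using a well-known test card number.
$sample = '<payment><creditCard><cardNumber>4111 1111 1111 1111</cardNumber>'
        . '<expirationDate>2030-12</expirationDate><cardCode>123</cardCode>'
        . '</creditCard></payment>';
echo mask_payment_xml($sample), PHP_EOL;
```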