Describe the bug
In sales_order_payment table in additional_information column, customer's bank account data is stored for SOFORT payments (and maybe others?) in an unencrypted way.
I am not sure this is legal in all countries due to PSD2 things and privacy regulations.
Since it is not visible in frontend, module users might not be aware of this.
Even if it IS legal, if this information is not used anywhere in the system, it need not be stored imho.
Used versions
Magento Version number(eg 2.3.5): 2.4.2
Open source/Enterprise/B2b: OS
Mollie version number (Check configuration): 2.19.0
To Reproduce
Steps to reproduce the behavior:
Create order
Pay by "Sofort"
Go to database into sales_order_payment
See column additional_information
Expected behavior
Only private data is stored that is actually used or has a use case.
If possible that required data should be encrypted.
Actual behavior
Bank account data is stored in clear text.
Thank you for bringing up this matter. Although the module code itself may not require the storage of this information, it could potentially be utilized in downstream systems, such as direct refunds, that do not involve Mollie.
While I acknowledge that this occurrence may not be ideal without the merchant's awareness, we plan to enhance the situation by implementing encryption by default.
Additionally, we may provide an option for the merchant to restore the current behavior if they depend on it.
We're pleased to inform you that the latest version of the Mollie plugin now includes the feature you requested. In the advanced section of the plugin, you will find an option to "Encrypt payment details" which you can enable to secure these details.
We hope this solution meets your requirements. For now, we will mark this issue as resolved. However, if you require further assistance, please feel free to reopen the issue.
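The two halves of this thread, auditing `sales_order_payment.additional_information` for readable bank data (the report) and storing only what has a use case, encrypted (the resolution), can be exercised with the following added example. It is illustration code written for this page, not code from the Mollie module or Magento. It assumes the column holds a JSON object; the `details` sub-object and the `consumerAccount` / `consumerBic` / `consumerName` key names are assumptions, and `stub_encrypt` is a reversible base64 stand-in for the store's real encryptor (Magento's `EncryptorInterface` in a real module), not a cipher. The sample row is constructed; the IBAN in it is the public ISO example number.

```python
import base64
import json
import re
from typing import Any, Callable, List, Set, Tuple

# Keys under which bank details may be stored. These Mollie-style names are an
# assumption for this example, not taken from the module's code.
SENSITIVE_FIELDS = {"consumerAccount", "consumerBic", "consumerName", "iban", "bic"}
IBAN_RE = re.compile(r"^[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}$")


def is_valid_iban(value: str) -> bool:
    """ISO 13616 mod-97 check: rotate the first four characters to the end,
    map letters to 10..35, and the resulting integer must leave remainder 1."""
    candidate = value.replace(" ", "").upper()
    if not IBAN_RE.match(candidate):
        return False
    rearranged = candidate[4:] + candidate[:4]
    digits = "".join(str(ord(ch) - 55) if ch.isalpha() else ch for ch in rearranged)
    return int(digits) % 97 == 1


# Stand-ins for the store's encryptor, constructed for this example only:
# base64 behind a marker prefix so the audit can tell "encrypted" from clear text.
def stub_encrypt(plain: str) -> str:
    return "enc:" + base64.b64encode(plain.encode()).decode()


def stub_is_encrypted(value: str) -> bool:
    return value.startswith("enc:")


def find_cleartext_bank_data(additional_information: str,
                             is_encrypted: Callable[[str], bool] = stub_is_encrypted,
                             ) -> List[Tuple[str, str]]:
    """Return (json_path, value) pairs that hold readable bank data: the key is a
    known sensitive field whose value is not encrypted, or the value itself passes
    the IBAN check, so a renamed key cannot hide an account number."""
    findings: List[Tuple[str, str]] = []

    def walk(node: Any, path: str) -> None:
        if isinstance(node, dict):
            for key, child in node.items():
                walk(child, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for i, child in enumerate(node):
                walk(child, f"{path}[{i}]")
        elif isinstance(node, str):
            key = path.rsplit(".", 1)[-1]
            named = key in SENSITIVE_FIELDS and not is_encrypted(node)
            if named or is_valid_iban(node):
                findings.append((path, node))

    try:
        walk(json.loads(additional_information), "")
    except json.JSONDecodeError:
        pass  # unparsable column content: nothing to report from here
    return findings


def minimize_and_encrypt(additional_information: str, keep: Set[str],
                         encrypt: Callable[[str], str] = stub_encrypt) -> str:
    """Store only what has a use case: sensitive fields not in `keep` are dropped
    entirely; the ones in `keep` (e.g. needed for a manual refund) are encrypted."""
    def scrub(node: Any) -> Any:
        if isinstance(node, dict):
            out = {}
            for key, child in node.items():
                if key in SENSITIVE_FIELDS:
                    if key in keep:
                        out[key] = encrypt(child) if isinstance(child, str) else scrub(child)
                    continue  # no use case recorded for this field: do not persist it
                out[key] = scrub(child)
            return out
        if isinstance(node, list):
            return [scrub(child) for child in node]
        return node

    return json.dumps(scrub(json.loads(additional_information)))


# Constructed sample of what the column might hold after a SOFORT payment.
SAMPLE_ROW = json.dumps({
    "method_title": "SOFORT Banking",
    "transaction_id": "tr_constructed",
    "details": {
        "consumerName": "Example Customer",
        "consumerAccount": "DE89370400440532013000",  # ISO example IBAN
        "consumerBic": "COBADEFFXXX",
    },
})

if __name__ == "__main__":
    for path, value in find_cleartext_bank_data(SAMPLE_ROW):
        print(f"clear text at {path}: {value}")
    print(minimize_and_encrypt(SAMPLE_ROW, keep={"consumerAccount"}))
```

Running the audit over exported rows before and after enabling the plugin's "Encrypt payment details" option shows whether anything readable is still left in the column; the IBAN checksum catches account numbers even when they sit under an unexpected key.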