Storing credit card numbers seems to be a recurring concern with many people. I’ve tried to find out as much as I can on this issue with regard to OFBiz. Here are the threads I’ve found so far.
http://osdir.com/ml/user.ofbiz.apache.org/2009-10/msg00706.html
http://www.mail-archive.com/[email protected]/msg05735.html
http://www.pubbs.net/ofbiz/200910/58402/
http://n4.nabble.com/Address-update-issue-td278128.html#a278186

I'm fairly new to OFBiz, but I've been developing in ecommerce and I've worked with different payment gateways for years now. The gateway I've spent years working with is Cybersource. I find it surprising that OFBiz has not built an option into the system for selecting to not store credit card numbers.

I'm not sure about some of the other gateways, but I know that at least with Cybersource there is absolutely no reason to store the cc number. After you make the initial authorization, you receive a request token for that auth. With this request token you can make any type of subsequent request, whether it is capture, credit, re-auth, etc. The request token is valid for up to 60 days. Also, Cybersource returns a unique request token for each of these requests that can also be used to make further requests. Having this feature really makes storing the credit card numbers useless, increases your PCI compliance level, and makes companies feel a whole lot better.

Cybersource also has support for recurring orders and payments; although I've never used them, I'm sure they could be built into the OFBiz recurring order functionality.

I've not really had a chance to dig into the code yet, but for someone who knows the code, this should be a pretty simple enhancement. All you would need to do is make sure you store the request token from the initial authorization, and then on the captures, credits, and re-auths, instead of passing the cc number in, you just pass the request token.

--
View this message in context: http://n4.nabble.com/Clearing-credit-card-data-after-capture-tp203987p1692471.html
Sent from the OFBiz - Dev mailing list archive at Nabble.com.
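The token-only flow described in the message above, sketched as an added example; it is not code from the post, from OFBiz, or from any gateway SDK. `FakeGateway`, `PaymentRecord`, `authorize_order` and `follow_on` are hypothetical names, and restarting the 60-day window when a new token is returned is an assumption.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

TOKEN_LIFETIME = timedelta(days=60)  # validity period stated in the post

class FakeGateway:
    """Constructed stand-in for a payment gateway; not a real gateway API."""
    def __init__(self):
        self._live = set()

    def _issue(self):
        token = secrets.token_hex(16)
        self._live.add(token)
        return token

    def authorize(self, pan, amount):
        return self._issue()  # the card number goes to the gateway only

    def follow_on(self, kind, token, amount):
        if token not in self._live:
            raise ValueError("unknown request token")
        return self._issue()  # each request returns a fresh token

@dataclass
class PaymentRecord:
    """What the merchant persists: there is no field for the card number."""
    order_id: str
    last4: str
    request_token: str
    issued_at: datetime

def authorize_order(gw, order_id, pan, amount, now):
    """Initial authorization: the PAN is used once and never stored."""
    token = gw.authorize(pan, amount)
    return PaymentRecord(order_id, pan[-4:], token, now)

def follow_on(gw, rec, kind, amount, now):
    """Capture, credit or re-auth using only the stored request token."""
    if kind not in ("capture", "credit", "reauth"):
        raise ValueError(f"unsupported request: {kind}")
    if now - rec.issued_at > TOKEN_LIFETIME:
        raise RuntimeError("request token expired; a new authorization is needed")
    # Keep the newest token for further requests (assumption: its own
    # validity window starts when it is issued).
    rec.request_token = gw.follow_on(kind, rec.request_token, amount)
    rec.issued_at = now
    return rec
```

The expiry branch is the case a stored-token design has to plan for: once the window passes, the merchant no longer holds anything it can charge against.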
