On Feb 28, 2011, at 2:53 PM, carsonrotisserie wrote:
> Just to give an update, I solved this problem by enhancing the method
> PaymentGatewayServices.processAuthResult to replace the credit card number
> after the authorization is complete.
>
> String number = (String)creditCard.get("cardNumber");
> String lastFourDigits = number.substring(number.length() - 4,
> number.length());
> String firstDigits = number.substring(0, number.length() - 4);
> firstDigits = Pattern.compile(".").matcher(firstDigits).replaceAll("x");
> creditCard.set("cardNumber", firstDigits + lastFourDigits);
> creditCard.store();
>
> I also had to modify the capture and refund methods in the specific
> processor code to use the request token instead of the credit card number.
>
> I really do wish ofbiz would build this as a configurable option into the
> system as I have worked with some of the biggest online ecommerce retailers
> and in my experience storing credit card numbers is not the best practice.
>
Submit a patch and chances are it will happen...
-David
