De : "Phillip Rhodes" <[EMAIL PROTECTED]>
> Hi everyone, > > It appears that ofbiz is saving credit card information. While there is > sometimes a business need to do this, very often, there is not. For example, with cybersource and verisign, all you need to store is the authorization code. With the authorization code, you can perform settlements, and returns. Of course, there could be an back-office process that runs credit cards, so it would be necessary in that case. > > I am bringing this issue up because holding this information is a risk. It > would be nice if ofbiz could provide a means by which organizations would be able to opt out of having credit card information stored for their customers. This is an interesting idea, but you should also consider that if for any reasons you need to re-authorise the card you will not be able to (there are some cases you will need to do that : amount change - not able to deliver all -, etc.) YMMV suiving your payments provider (though I guess an auth is not a re-auth everywhere in the world) Jacques