Hide Credit Card Number At Checkout
 

I have looked all over the forum for a way to mask the credit card numbers when a customer checks out to prevent unathorized use of their cc info and I had no luck so I came up with another solution and thought I would pass it along if anyone else is worried about the same problem.

The fix will not mask the numbers but instead will totally hide the numbers from the customer but it still shows up in the admin and database.
The only drawback is the customer will have to enter their credit card everytime they checkout but I think it's worth the trouble for the added security.

If anyone else has a better idea I wish they would let me know.

In the Skin1/ Main/ folder find the register_ccinfo.tpl

find

<input type=text name=card_number size=32 maxlength=20 value="{$userinfo.card_number}">

change to

<input type=text name=card_number size=32 maxlength=20 value="">

find

<input type=text name=card_expire size=4 maxlength=4 value="{$userinfo.card_expire}">

change to

<input type=text name=card_expire size=4 maxlength=4 value="">

find

<input type=text name=card_cvv2 size=4 maxlength=4 value="{$userinfo.card_cvv2}">

change to

<input type=text name=card_cvv2 size=4 maxlength=4 value="">


That's it if anyone is interested.

I have a better idea. At least it is what I do. After an order is placed I log-in to my database and delete the info. I DO NOT trust it being on the web and neither should anyone. No matter how secure we think our info is hackers CAN GET IT. I try to remove as much info as possible as then and only then do you know your customerБ─≥s info is protected. It only takes 30 seconds to fix. Just one time login to your mysql database (or whatever you use) I then create a link in my favorites so all I have to do is click it next time. Then just go to your Customers Table and then on that customer REMOVE THE CC INFO then click save. As said it only takes about 30 seconds and if you really care about your customerБ─≥s security this is the only SURE way to get it off of a vulnerable computer. Would you be happy in knowing that your info (especially CC info) was being stored on the web by some company where a hacker could come get it or would you feel more secure knowing that it is only stored in the companies Accounting software away from the web and a vulnerable server. If your customers get upset about entering a total of 20 numbers (16 for the card and 4 for the expiration date) then man has this world ever become lazy. Anyway this was just my suggestion for securing the info.

or when you go to process the order and view the cc info in the order page delete it from the order info text area before you change the status to processed

Great idea
 

Great idea if you instantly process it as soon as the order is placed but what about the few hours that pass until then. I do not like the idea that if someone accesses the account until you delete it the customers cc iinfo shows up at checkout.

success yet?
 

Anyone make this work yet?