Quote:
Originally Posted by ecommerce
money,
Are we setting ourselves up for problems by storing the CC in the database?
Also, I hear CC companies like Visa and MasterCard have policies so that ecommerce merchants don't store CC on the database.
What's your info/opinion on that?
I actually used to work for a major CC company headquarters as their marketing business technology liaison/developer, so there definitely are some strict rules implied by the FDIC.
It is my understanding that you cannot store CVV2 code, and that if you do store CC #, Exp date, etc., it is to be secure and encrypted. I am not informed of the policies mentioned above, though I do not doubt their existence.
The biggest set up for problems is not taking the proper precautions to secure the data, whether it's a phone #, address or the entire U.S. databank of Social Security numbers.
For x-cart, your options are limited, but the fact remains you have options, like:
- Password protect your /admin directory using .htaccess user authentication
- Delete the 'master' account, creating a new/unique administrator profile preventing/limiting potential hack attempts.
- Use a complex password containing alphanumeric characters and symbols, with varying case: nP3{cx!/Y5
- For older x-cart versions (< 4.1) you can modify the default salt key, etc. used in the encoding process of the x-cart system.
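
An added example (not part of the original post) of the first option above: an `.htaccess` file placed in the `/admin` directory, assuming Apache 2.4 with mod_ssl and `AllowOverride AuthConfig` enabled. The password file path, realm name and user name are placeholders.

```apache
# /admin/.htaccess  (placeholder location inside the store's web root)
#
# Create the password file once, outside the web root so it can never be
# served as a page. -c creates the file, -B stores a bcrypt hash:
#   htpasswd -c -B /home/example/private/.htpasswd storeadmin

# Basic auth sends the password with every request, only base64-encoded,
# so refuse any request to this directory that did not arrive over TLS.
SSLRequireSSL

AuthType Basic
AuthName "Store administration"
# Placeholder path: must be absolute and outside the document root.
AuthUserFile /home/example/private/.htpasswd
# Any user listed in the password file may enter; everyone else gets 401.
Require valid-user
```

This sits in front of the cart's own admin login, so both passwords have to be given before the admin pages respond.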