Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

Card type & last 4 passed to x-cart?

 
Reply
   X-Cart forums > X-Payments > X-Payments issues & questions
 
Thread Tools
  #1  
Old 11-12-2012, 06:12 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Card type & last 4 passed to x-cart?

Is it possible for transactions in x-payments to pass the last 4 digits and card type to xpc?

We used to be able to do this because the card # was inside xcart even if not stored. Now that the card number never sees xcart, can x-payments send a truncated card # and payment type to xpc?

I think this is quite an oversight by x-payments if not...

Sending last 4 digits + card type is NOT a violation of any PCI rules - so why isn't this standard out-of -the-box?

Customers want this.

1. Did I pay for this with my work or personal card?
2. Did I pay for this with my bonus points card?
etc...

Merchant wants this to simplify customer service inquiries.

Alex -- what is the reasoning from your perspective why this is not standard? We all know that once a card number is truncated, it's no longer "stored" and outside scope of PCI. EVERY modern credit card terminal prints card type and last 4 digits. Why did x-cart/x-payments omit this? I really want to know.

$order.payment_method is BUTT UGLY - useless to the customer and quite frankly, information the customer doesn't need to have. The customer has zero need to know my payment gateway. BUT - they want to know which credit card they used. This was very easy to grab in older x-carts, but since 4.5 and x-payments, appears to be impossible without knowing the code.

Thanks for sharing any possible solutions.

Jeremy
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
Reply With Quote
  #2  
Old 11-12-2012, 06:18 AM
  ambal's Avatar 
ambal ambal is offline
 

X-Cart team
  
Join Date: Sep 2002
Posts: 4,119
 

Default Re: Card type & last 4 passed to x-cart?

Jeremy, I fear the last 4 digits feature hasn't been just implemented for some reason (may be time constraints). I manage X-Payment project since April 2012 so I do not know real reasons for not implementing that. But I'll check with my team if we can have this added to v1.1 that we are planning to release in early 2013.
__________________
Sincerely yours,
Alex Mulin
VP of Business Development for X-Cart
X-Payments product manager

Last edited by ambal : 11-12-2012 at 07:04 AM.
Reply With Quote
  #3  
Old 11-12-2012, 06:28 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: Card type & last 4 passed to x-cart?

Alex,

This feature has been missing (stock) from x-cart since the beginning of time -- but many of us either contracted x-cart for custom coding (as I did) or just did it themselves. It was easy enough to do (even without storing cc numbers).

If you ask around, you will probably discover that early designers intentionally left this out. But why it was left out of x-payments is something I'd sure like to know. DId a QSA tell you that this was bad? Misreading of the PCI specs?

Merchants want this. Customers want this. It should be stock. For now, the workaround is to NOT share the merchant gateway with the customer, and use a smarty replace in /common_files/mail/html/order_invoice.tpl

FIND:
Code:
{$order.payment_method}
REPLACE WITH:
Code:
{$order.payment_method|replace:"(your-gateway-name)":"Credit Card"}

But this replaces the gateway payment name with "Credit Card" - for PayPal it is still "PayPal", etc...

Better than nothing, but not the right way to do it.

Thanks.

J
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
Reply With Quote
  #4  
Old 11-16-2012, 02:56 PM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: Card type & last 4 passed to x-cart?

I have discovered that xpc is passing the last 4 + card type to the xcart admin

/admin/order.php?orderid=12345

Quote:
[+] Payment gateway log

--- Advanced info ---

Message:APPROVAL
txn_id:13
AVS:Address (Street) matches, ZIP does not
CVV:CVV2 Match
--- Advanced info ---
Reason: Approved: Payment is charged
(last 4 card numbers: 1234;
(card type: VISA);

Look at that!

It appears that this is passing to x-cart via

/modules/XPayments_Connector/xpc_func.php

in var, $advinfo

but it looks like a compound string -- can't see where $advinfo is getting Card Type or "last 4" from..

Ah...
in the database:

table: xcart_order_extras
khash: advinfo
value: B-45ae5aca2b7d (and about 450 characters follow)...

Anyone have any idea how we can extract the data from $advinfo and turn it into 2 vars: $last4 and $cardtype, and these 2 vars are avail on order_info pages and emails.

This SHOULD BE a stock out of the box feature of x-cart.

We know that x-payments is sending the info (encrypted) via xpc. Please, finish this -- it's a feature of EVERY OTHER payment terminal made, internet or physical.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
Reply With Quote
  #5  
Old 11-16-2012, 07:35 PM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 14,190
 

Default Re: Card type & last 4 passed to x-cart?

Advanced order info is avail to admin only. It is the php file that outputs "history order" template - if usetype is "C" (customer) advanced info is skipped. It is a matter of copying the code from the admin section of the file and make it available to customer but I would suggest strip it down to only that info and assign to smarty. The reason for being like that - XC used to save the whole CC info for an order so no reason to show it to customers...
That's how it worked before, not sure about 4.5.x though
__________________
Steve Stoyanov
CFLSystems.com
Web Development
Reply With Quote
  #6  
Old 11-17-2012, 04:52 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: Card type & last 4 passed to x-cart?

Yes, but...

The string is obfuscated.

Deciphering the khash string is a few levels beyond my pay grade.

Does xpc really have to bring this data in encrypted? We're only looking for the last4 and card type. This is NOT against PCI rules. Once the card number is truncated, it's no longer a credit card and poses no security risk to the cardholder or the merchant.

Alex or x-cart engineers, why did you bring this data back to xcart encrypted? How can we decrypt into strings we can use?

Thx
J
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
Reply With Quote
  #7  
Old 11-19-2012, 01:13 AM
  ambal's Avatar 
ambal ambal is offline
 

X-Cart team
  
Join Date: Sep 2002
Posts: 4,119
 

Default Re: Card type & last 4 passed to x-cart?

Folks, give us a couple of days to discuss this internally.
__________________
Sincerely yours,
Alex Mulin
VP of Business Development for X-Cart
X-Payments product manager
Reply With Quote
Reply
   X-Cart forums > X-Payments > X-Payments issues & questions


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 02:14 PM.

   

 
X-Cart forums © 2001-2020