DoNotSaveCreditCardInfo
Initial Build |
2010.01 |
Module |
Accounting |
Current Setting Type |
Check Box |
Note: This system option applies only to electronic transactions for a non-tokenized gateway (e.g. PayPal). For electronic transactions on a tokenized gateway, this system option is not applicable.
Use this system option to further protect credit card information. When this system option is enabled (checked), netFORUM will not save the credit card information (card holder's name, credit card number and expiration date) into the database. netFORUM will create a payment record to store related information instead, such as authorization code and reference number. When you cancel a payment, or issue a refund, netFORUM uses the original transaction's reference number to submit the credit card's transaction to the payment processor.
If the option is false (so that this data is saved), then the data will be encrypted as defined by the EncryptSensitiveData system option. The default for this option is false (cleared).
Non-Tokenized Gateways
When this system option is enabled, then netFORUM will not save the following PCI security related credit card card holder information fields into the netFORUM database:
- card holder name (pin_cc_cardholder_name)
- credit card number (pin_cc_number)
- expiration date (pin_cc_expire)
When this system option is enabled, information about the electronic payment transaction is saved to the database. The only thing that is not saved is data fields listed above, in order to minimize PCI security liability.
When this system option is enabled, a payment record will be created to store related information such as authorization code, reference number and credit card number mask. When a payment is canceled or a refund is issued, the credit card's "Credit" transaction is submitted to the payment gateway using the original transaction's reference number.
If the option is false (so that this data is saved), then the credit card number value will encrypted as defined by the EncryptSensitiveData system option. The other two fields (card holder name and expiration date) are stored in clear text.
The masked credit card number (e.g. ************5678) is always stored, regardless of the system option value, because this value is not considered to be security-related card holder data.
Tokenized Gateways
If the electronic payment is with a tokenized gateway, then the DoNotSaveCreditCardInfo system option is not applicable since the most important piece of card holder data (the credit card number) is housed in the payment gateway's vault.
For these transactions, netFORUM will store the card holder name, expiration date and masked credit card number.
Summary
Property | Database Column Name | Non-Tokenized Payment | Tokenized Payment | |
---|---|---|---|---|
DoNotSaveCreditCardInfo Setting | DoNotSaveCreditCardInfo Setting | |||
True | False | True or False | ||
Cardholder Name | pin_cc_cardholder_name | null | Yes | Yes |
Credit Card Number | pin_cc_number | null | Stored and encrypted per EncryptSensitiveData | null |
Expiration Date | pin_cc_expire | null | Yes | Yes |
Masked Card Number | pin_cc_number_display | Yes | Yes | Yes |
Current Setting
The current setting for DoNotSaveCreditCardInfo is used as follows:
Values: This system option can be set to true (selected check box) or false (cleared check box).
- true—Save encrypted credit card information to the database.
- false—Do not save encrypted credit card information to the database.
Default Value: false
Fields
This system option includes the following fields:
description: This field gives the description of the system option, including its use and default value.
Important! Do not modify the following fields after the system option is first created. Changing these fields after they have been used can invalidate existing data.
category: This field sets the category (usually the module) where the system option is used.
type : The type field determines the display type of the current setting field (check box, drop-down list, or text box).
values: The values field indicates the allowed values for the current setting field.
Availability
Each system option includes the following availability settings:
entity level option?: Select this check box to make this system option available on an entity level.
visible to external systems?: Select this check box to make this system option available in xWeb.