Incorrect text on /admin/store/settings/payment/edit/methods [#553972]

Under the Debug Mode Data Clearing section, it says:

Specify below the status and age of orders whose credit card details will be removed. This setting only applies when operating in debug mode. When not in debug mode, no credit card information except the last 4 digits of the card number will be stored.

Doesn't seem to be true. Even when not in debug mode, the last 4 digits of the card number plus expiration date and card type are stored.

Comment	File	Size	Author
#4	553972.patch	3.3 KB	longwave
#4

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

rszrama CreditAttribution: rszrama commented 19 August 2009 at 23:09

Assigned:

Unassigned

» rszrama

Good call, that text will be updated. Really, I think it should read the full card number will never be stored when not in debug mode... and even in debug mode, numbers that have been authorized are truncated.

Comment #2

Anonymous (not verified) CreditAttribution: Anonymous commented 25 August 2009 at 11:49

Having looked again at this page, putting what IS stored in the Debug Mode Data Clearing section may not be the best place anyway.

Suggestions:
Remove the last sentence from the Debug Mode Data Clearing section so it reads:

"Specify below the status and age of orders whose credit card details will be removed. This setting only applies when operating in debug mode."

Then in the Credit Card Data Security section, add a new paragraph after "Once this is set, you should not change it." for example:

"The card type, expiration date and last four digits of the card number are encrypted and stored ."

and change the text below the Operate in credit card debug mode checkbox. For example

"In debug mode, the full credit card number is stored which may be in violation of PCI security standards.
Debug mode is only recommended for testing transactions with fake credit card details."

Martin