Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Under the Debug Mode Data Clearing section, it says:
Specify below the status and age of orders whose credit card details will be removed. This setting only applies when operating in debug mode. When not in debug mode, no credit card information except the last 4 digits of the card number will be stored.
Doesn't seem to be true. Even when not in debug mode, the last 4 digits of the card number plus expiration date and card type are stored.
Comment | File | Size | Author |
---|---|---|---|
#4 | 553972.patch | 3.3 KB | longwave |
Comments
Comment #1
rszrama CreditAttribution: rszrama commentedGood call, that text will be updated. Really, I think it should read the full card number will never be stored when not in debug mode... and even in debug mode, numbers that have been authorized are truncated.
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedHaving looked again at this page, putting what IS stored in the Debug Mode Data Clearing section may not be the best place anyway.
Suggestions:
Remove the last sentence from the Debug Mode Data Clearing section so it reads:
"Specify below the status and age of orders whose credit card details will be removed. This setting only applies when operating in debug mode."
Then in the Credit Card Data Security section, add a new paragraph after "Once this is set, you should not change it." for example:
"The card type, expiration date and last four digits of the card number are encrypted and stored ."
and change the text below the Operate in credit card debug mode checkbox. For example
"In debug mode, the full credit card number is stored which may be in violation of PCI security standards.
Debug mode is only recommended for testing transactions with fake credit card details."
Martin
Comment #3
TR CreditAttribution: TR commentedStill need to fix this in 7.x-3.x and 6.x-2.x.
Comment #4
longwaveFix committed to both branches.