For PCI compliance, you'll likely need to eliminate the entry of all CC information into the database. If you're on a live site (i.e. no longer debugging/testing) and do not have any other uses for CC information in the database/admin, make the following changes and your DB and admin will never see/get that information in the first place.
-----------------------------------
Only one file and four lines to modify.
catalog/checkout_process.php
1. Find
'cc_type' => $order->info['cc_type'],
change to:
'cc_type' => '',
2. Find (right below on unmodded osc)
'cc_owner' => $order->info['cc_owner'],
change to
'cc_owner' => '',
3. Find (right below on unmodded osc)
'cc_number' => $order->info['cc_number'],
change to
'cc_number' => '',
4. Find (right below on unmodded osc)
'cc_expires' => $order->info['cc_expires'],
change to
'cc_expires' => '',
----------------
That's it. This will ensure that your OSC system never sees the sensitive CC information. Authorize.net will still function properly.
Zip file attached contains .txt with this same information.
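A way to confirm that all four edits above are actually in place after a change or an upgrade. This is an added example, not part of the original contribution: the script, its function name and the sample snippets are assumptions made here, and it only checks the four array entries listed in the steps.

```python
import re
import sys

CC_KEYS = ("cc_type", "cc_owner", "cc_number", "cc_expires")

# Matches one array entry, e.g.  'cc_number' => $order->info['cc_number'],
ENTRY = re.compile(r"""['"](cc_type|cc_owner|cc_number|cc_expires)['"]\s*=>\s*(.+?)\s*,?\s*$""")


def audit_checkout(source):
    """Return {key: 'blanked' | 'stored' | 'missing'} for the four CC fields."""
    status = {key: "missing" for key in CC_KEYS}
    for line in source.splitlines():
        stripped = line.strip()
        # Ignore commented-out lines so an old copy left in a comment is not counted.
        if stripped.startswith(("//", "#", "*", "/*")):
            continue
        match = ENTRY.search(stripped)
        if not match:
            continue
        key, value = match.group(1), match.group(2)
        # Once any live entry stores real data, keep that verdict for the key.
        if status[key] != "stored":
            status[key] = "blanked" if value in ("''", '""') else "stored"
    return status


# Constructed sample input: the four entries as they appear before the edit.
UNMODIFIED = """
  'cc_type' => $order->info['cc_type'],
  'cc_owner' => $order->info['cc_owner'],
  'cc_number' => $order->info['cc_number'],
  'cc_expires' => $order->info['cc_expires'],
"""

# Constructed sample input: three entries blanked, cc_number forgotten.
PARTIAL = (UNMODIFIED
           .replace("$order->info['cc_type']", "''")
           .replace("$order->info['cc_owner']", "''")
           .replace("$order->info['cc_expires']", "''"))

if __name__ == "__main__":
    # Usage: python audit_cc.py catalog/checkout_process.php
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else PARTIAL
    result = audit_checkout(text)
    for key in CC_KEYS:
        print(f"{key:<11} {result[key]}")
    sys.exit(0 if all(v == "blanked" for v in result.values()) else 1)
```

A non-zero exit status means at least one field is still written from $order->info or could not be found in the file.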