Credit Card Email of 8 middle digits

[kerryanne]

Just wondering where I could edit the email that is sent to the store owner.

My client would like a bit more information such as customer contact details and email address to go with it.

Currently all that is sent is

Order #

8 middle digits

[michael_s]

Do not use the cc.php module for production sites. It is there only for testing purposes while you get your store set up. It is NOT secure and should NEVER be used with real cc numbers. It does not meet the minimum rules for transmission of CC info set forth by any credit card company. Get a real time processor that encrypts all transactions and removes the CC# storage responsibility from you.

The hacking community is well aware of that module and can easily identify sites using it for real orders. It puts a big bullseye on sites using it.

Do you fully realize what you are asking to do? Basically provide most of the CC#, name, address, and email in a cleartext email that anybody with basic hacking skills can intercept and use to steal an identity or commit other fraud. If someone with bad intentions wanted to commit fraud with this info, it would be very easy - trust me, I have seen how easy.

Aside from the fact that it shows blatant disregard for the customer's data safety, it is very risky and may even be illegal in some locales.

I suggest you talk your client into the proper way to do business on the internet. Get a real time processor/gateway that is secure. Process the cards in real time and store no credit card data, and most of all do not transmit that data un-encrytped (like you are asking to do). If you explain the risks involved, the tiny fee increase of getting a payment gateway set up is well worth the effort.

[kerryanne]

Yes I agree with you completely on the email front but its what she wanted but we werent going to have the CC number get emailed, just more of the orders details.

I didnt know we shouldnt use the normal CC function.

My client has a payment gateway, the paypal payflow but I cant get it to work and shes wanting the site live tonight.

Arghhh is there someone who can help with this?

She also has regular paypal on the site at the moment. I guess thats all shes going to get at the moment.

On another note.
She does not receive an email when a customer makes an order, isnt that a default feature?

[michael_s]

That is not what your initial post says.

Quote:

Order #

8 middle digits

From what that first post says, you want to add the customer details to the above information. If that is the case, that is a completely insecure setup. You simply should never use the cc.php module for a production site. Emailing even a portion of the actual credit card number is a violation of your merchant agreement and if your processor finds out, they will terminate the agreement or worse. Hackers depend on merchants doing silly things like emailing credit card numbers or storing them in clear text. It makes stealing them so easy.

If your actual payment processor is not working, you simply should not go live until it is working. That is just common sense.

If you have paypal working, go live with it, and when you get the configuration for the other gateway completed bring it online.