Hi there!
A few queries:
What happened to the ability to store credit cards for use with non-subscription orders? I seem to remember that I had this ability, and now, I have to key in the number each time.
If that's not going to return, is it possible to be able to enter the CVV2 code PRIOR to clicking "Place Order"? A minor annoyance, to be sure, but I always seem to put my card away right before clicking the button, then have to drag it out again since I haven't memorized things.
Finally, another minor annoyance: Instead of having to choose "Visa" or "MasterCard", is it possible to just have the order page automatically detect this? All Visa begin with a 4, MasterCard with a 5. Just seems a useless step, and frustrating when I miss it/ignore it, and have to re-key in the entire number again.
Anyhow - none of these are HUGE deals, but it would be awesome if they weren't any kind of deal at all.
Thanks for the awesome!
If you go to your My Payment Methods page, there should be a checkbox to enable saving your payment methods.
If your card is saved, you shouldn't have to re-enter the CVV2 code when using it on an order. (I think.)
If you go to your My Payment Methods page, there should be a checkbox to enable saving your payment methods.
If your card is saved, you shouldn't have to re-enter the CVV2 code when using it on an order. (I think.)
Can I store magnetic stripe data? How about CVV, CVV2, or PVV?
Full track data (Track 1 and Track 2) cannot be stored past the initial transaction authorization completion. This includes CVV, CVV2, and PVV.
Elements that may be stored after authorization are name, account number, expiration date, and service code. To be PCI compliant, the account number must be encrypted, hashed, or truncated.
Source: PCI Compliance FAQ for Merchants (2007)
Found the box to check, thanks. Dunno how it got "turned off", as I did once have stored cards for non-subscription orders.
We'll see how it works on my next order.
Senior Software Developer
|
another_mage: FYI, We are absolutely in compliance with that standard. We do not store or log CVV codes anywhere in our system. What we do is set a flag that says "customer has previously entered the CVV code on a successful transaction", and pass that flag on to our transaction processor. We only set the flag if our credit card processor tells us the CVV was correct.
another_mage: FYI, We are absolutely in compliance with that standard. We do not store or log CVV codes anywhere in our system. What we do is set a flag that says "customer has previously entered the CVV code on a successful transaction", and pass that flag on to our transaction processor. We only set the flag if our credit card processor tells us the CVV was correct.
Good to know. I've designed some database tables and written some code to handle credit card processing. Getting it right (read: compliant, secure, and usable) is not easy.
I trust Paizo; otherwise I wouldn't be a subscriber. :-)