markcrobinson, posted May 2, 2013:
I am hiring an offshore company to work on my WHMCS system and will need to give them Admin privileges. Although they are a reputable company, I would like to make sure that customers' credit card numbers are not at risk. Can this admin get in, view the customers' credit card numbers, and abuse them? How should I protect myself?
jclarke, posted May 2, 2013:
If you are using local credit card storage and this third party has access to the server to look at your configuration file and get the CC hash, and has full admin access to your WHMCS system, then yes, they would be able to get your customers' credit card numbers. However, if you are using a credit card gateway that uses tokens, then they would only be able to see the tokens.
markcrobinson1, posted May 2, 2013:
Is there anything I can do to protect my clients? The company I am hiring is customizing the WHMCS templates so non-geeks can sign up for accounts -- something I very much need.
openmind, posted May 2, 2013:
As above, it depends on the payment gateway you are using and whether you are using local storage for the cards.
bear, posted May 2, 2013:
Quoting markcrobinson1: "The company I am hiring is customizing the WHMCS templates so non-geeks can sign up for accounts" and markcrobinson: "I am hiring an offshore company to work on my WHMCS system and will need to give them Admin privileges."
Why does that need admin access?
markcrobinson1, posted May 2, 2013:
Our gateway is PayPal Payments Pro, so we do enter customer credit card numbers in the Customer screen. I just assumed that the developer would need admin access to set up the WHMCS templates and order process. They will be doing customization work.
bear, posted May 2, 2013:
Without knowing all they need to do for you I can only guess, but templates are modified outside of the WHMCS admin area. They're edited offline, in fact, then uploaded, and since they involve the client's ordering process, that's viewed from outside as well. Can't say I know why they'd need access...
bear, posted May 2, 2013:
You have two accounts, Marc? markcrobinson / markcrobinson1
And then there was one les, posted May 7, 2013:
Quoting markcrobinson1: "Is there anything I can do to protect my clients? The company I am hiring is customizing the WHMCS templates so non-geeks can sign up for accounts -- something I very much need."
If you want to allow them access via FTP to the server, create an FTP account and set its root to the templates directory. This will prevent access to any directory above their rooted access and therefore keep them away from sensitive files. I would consider asking them to simply provide you with the files needed, and you can upload them yourself. This way they need no FTP access. You can then just give them the admin privileges they need in your WHMCS admin area.
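The restricted-account approach from this post, as an added example that is not part of the thread, using OpenSSH's built-in SFTP server in place of plain FTP; the account name and paths are assumptions. One caveat the post does not mention: OpenSSH insists that the ChrootDirectory itself be root-owned and not group/world writable, so the contractor gets a root-owned chroot with a writable templates subdirectory inside it, rather than the templates directory itself as the chroot.

```shell
#!/bin/sh
# Added example (not from the thread): an SFTP-only contractor account chrooted
# just above the WHMCS templates directory. User name and paths are assumptions.
# OpenSSH refuses a ChrootDirectory that is not root-owned or that is group/world
# writable, so the chroot is a root-owned parent and only the "templates"
# subdirectory beneath it is writable by the contractor.

CONTRACTOR_USER="${CONTRACTOR_USER:-whmcs-design}"   # assumed account name
CHROOT_DIR="${CHROOT_DIR:-/srv/sftp/whmcs-design}"   # assumed root-owned parent
WRITABLE_SUBDIR="templates"                          # the only writable subtree

# Print the sshd_config Match block for the account. Append it to
# /etc/ssh/sshd_config and reload sshd; ForceCommand keeps the account off a
# shell, and internal-sftp needs no binaries or libraries inside the chroot.
sshd_match_block() {
  cat <<EOF
Match User $1
    ChrootDirectory $2
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Return 0 when an octal mode string (e.g. 755 or 0755) has no group/other write bit.
perm_bits_ok() {
  last3=$(printf '%s' "$1" | tail -c 3)
  g=$(printf '%s' "$last3" | cut -c2)
  o=$(printf '%s' "$last3" | cut -c3)
  case "$g$o" in *[2367]*) return 1 ;; esac
  return 0
}

# Check a directory against OpenSSH's ChrootDirectory rules: it must exist,
# be owned by root (uid 0) and pass perm_bits_ok. Prints the reason on failure.
chroot_dir_ok() {
  dir="$1"
  [ -d "$dir" ] || { echo "not a directory: $dir"; return 1; }
  uid=$(stat -c '%u' "$dir" 2>/dev/null || stat -f '%u' "$dir")
  mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir")
  [ "$uid" = "0" ] || { echo "$dir must be owned by root (uid $uid)"; return 1; }
  perm_bits_ok "$mode" || { echo "$dir must not be group/world writable ($mode)"; return 1; }
  return 0
}

# Usage (as root, after: useradd -d "$CHROOT_DIR" -s /usr/sbin/nologin "$CONTRACTOR_USER"):
#   mkdir -p "$CHROOT_DIR/$WRITABLE_SUBDIR"; chown root:root "$CHROOT_DIR"; chmod 755 "$CHROOT_DIR"
#   chown "$CONTRACTOR_USER" "$CHROOT_DIR/$WRITABLE_SUBDIR"
#   chroot_dir_ok "$CHROOT_DIR" && sshd_match_block "$CONTRACTOR_USER" "$CHROOT_DIR" >> /etc/ssh/sshd_config
```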
WHMCS Chris, posted May 7, 2013:
Hello,
I'm really glad to hear you're wanting to secure your clients' data. That being said, you shouldn't be storing WHMCS on the same server as your clients. There are a handful of issues with this, and just to point out a few:
[1] If the server goes down, your clients' sites go down, and they have no way of contacting you, because yours will be down too.
[2] If you've not correctly patched Apache to disable symlinking across users' files, someone who hacks your client's outdated WordPress can then symlink to your WHMCS configuration file, obtain access to the database, and all your clients' data is there for the taking.
There are plenty of inexpensive VPS servers where you can house WHMCS alone, keeping your clients and your company separated. That being said, I would recommend using gateways that support tokenization. We've got a list here of gateways that use tokens rather than storing credit card details. It also puts you one step closer to being PCI DSS compliant.
http://docs.whmcs.com/Payment_Gateways#Tokenisation_Gateways
Regards,
And then there was one les, posted May 8, 2013:
Quoting WHMCS Chris's reply above.
Hi Chris, I wasn't suggesting that. I was suggesting a solution if he wants to offer access to the company doing his design work for his order form. I missed the part about it being just the design at first, which was why I mentioned the admin area also. Being just design, I would suggest simply having them provide the files and uploading them himself. Or ask for a dev licence so he can install a system that they can then do the work on, away from the live one.
brockclerk, posted May 8, 2013:
I don't think credit cards are secure from admins; you have to protect them.
WHMCS Chris, posted May 8, 2013:
Quoting And then there was one les: "Hi Chris, I wasn't suggesting that."
My reply wasn't to yours, just the initial post.
Quoting brockclerk: "I don't think credit cards are secure from admins; you have to protect them."
As the credit card details are encrypted using a unique hash, that hash must be used in order to decrypt them. Thus, if you don't provide file-level access to your administrators, they would not be able to view them.