Disable Credit Card Storage may not be working?

[dippa]

Hi,

 

I have "Disable Credit Card Storage" checked, as I do not want to save Credit Card Data. This has been fine up until recently, as WHMCS was not saving CC Data.

 

I recently upgraded to version 7.2.3 and also changed my gateway to Stripe. Since then, I have noticed that the database table "tblclients" has been saving data in the credit card columns, such as "cardtype", "cardlastfour", "cardnum", etc.

 

Is there something wrong here? Has WHMCS started saving credit card data even though "Disable Credit Card Storage" is checked? Or is WHMCS not saving credit card data, but is instead just saving Stripe token data (If so, would saving Stripe token data affect PCI compliance)?

[WHMCS John]

Hi,

With tokanisation gateways such as Stripe, the following information is stored:

• Card Type,
  
• Last 4 Digits of Credit Card Number
  
• Expiry Date
  
• Remote Token
  

The full card number never touches your server with the Stripe module and those similar to it, so your PCI liabilities are thereby reduced compared with a full merchant payment gateway.

[Amelia1]

Hi Everyone

Without more context, it's difficult to determine the specific issue with disabling credit card storage. It's important to ensure that sensitive financial information is properly protected and not stored unnecessarily to prevent potential security risks.

[brianoz]

Amelia: WHMCS John said above that there wasn't an issue and that actual card data isn't stored, at least for Stripe.

The only way to know for sure is to check the card related fields in the database occasionally.  Worth being aware that the "cardnum" field contains a remote token for most remote gateways, so just check to see whether the data there is an actual card number before panicking.