Clients saving credit card info

[coeus]

I just noticed a Credit Card Details section in the client area. Is it safe for clients to save their CC on this system, even if SSL is enabled?

 

If not, how can we disable this option?

[UNIXIELHOST]

To disable that, go in your payment gateway and disactive the credit card feature, then it will not show up

[bear]

Is it safe for clients to save their CC on this system, even if SSL is enabled?

 

SSL does nothing to protect stored information; that only encrypts the transaction between the user and the server. Once the card is stored, it's encrypted in WHMCS, but the key to decrypt is available (by necessity) within the script and files.

 

I don't feel this is safe, and don't offer off line credit processing through WHMCS. If a client wants that, I have them call with the info for manual processing, It's stored locally for future use, never exposed to the internet.

[coeus]

To disable that, go in your payment gateway and disactive the credit card feature, then it will not show up

 

I don't have it activated. I just have Paypal Website Payments Pro and Paypal Website Payments Standard enabled. Yet for some reason the option to store a CC is still available in the clientarea.

Edited June 6, 2009 by coeus

[herpherp]

I don't have it activated. I just have Paypal Website Payments Pro

 

Credit cards are stored for website payments pro so that it can process the recurring payment.