Avoid storing partial credit card payment info
Bug #1474051 reported by
Bill Erickson
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Evergreen 2.8
When a (non-Stripe) credit card payment is made in Evergreen, some card data is stored locally in the EG database. Retaining even partial credit card payment information considerably raises the bar for PCI compliance. Since most vendors (I think, certainly PayPal) allow you to retrieve payment information directly from them with the approval code / order number, storing the data locally in Evergreen is also redundant.
I'd like to propose that we drop (or anonymize, or leave blank) the following columns in money.credit_
cc_type
cc_number (last 4)
expire_month
expire_year
cc_first_name
cc_last_name
Thoughts?
Changed in evergreen: | |
milestone: | 2.9-alpha → 2.9-beta |
Changed in evergreen: | |
milestone: | 2.9-beta → 2.next |
Changed in evergreen: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
Changed in evergreen: | |
assignee: | nobody → Martha Driscoll (mjdriscoll) |
Changed in evergreen: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I'd be in favor of blocking. Because of PCI compliance we've modified the
staff client so that staff can't attempt to type anything in there and I
routinely wipe anything in the database.
On Mon, Jul 13, 2015 at 12:24 PM, Bill Erickson <email address hidden> wrote:
> *** This bug is a security vulnerability *** card_payment: /bugs.launchpad .net/bugs/ 1474051 card_payment: /bugs.launchpad .net/evergreen/ +bug/1474051/ +subscriptions
>
> Public security bug reported:
>
> Evergreen 2.8
>
> When a (non-Stripe) credit card payment is made in Evergreen, some card
> data is stored locally in the EG database. Retaining even partial
> credit card payment information considerably raises the bar for PCI
> compliance. Since most vendors (I think, certainly PayPal) allow you to
> retrieve payment information directly from them with the approval code /
> order number, storing the data locally in Evergreen is also redundant.
>
> I'd like to propose that we drop (or anonymize, or leave blank) the
> following columns in money.credit_
>
> cc_type
> cc_number (last 4)
> expire_month
> expire_year
> cc_first_name
> cc_last_name
>
> Thoughts?
>
> ** Affects: evergreen
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are subscribed to
> Evergreen.
> Matching subscriptions: evergreenbugs
> https:/
>
> Title:
> Avoid storing partial credit card payment info
>
> Status in Evergreen:
> New
>
> Bug description:
> Evergreen 2.8
>
> When a (non-Stripe) credit card payment is made in Evergreen, some
> card data is stored locally in the EG database. Retaining even
> partial credit card payment information considerably raises the bar
> for PCI compliance. Since most vendors (I think, certainly PayPal)
> allow you to retrieve payment information directly from them with the
> approval code / order number, storing the data locally in Evergreen is
> also redundant.
>
> I'd like to propose that we drop (or anonymize, or leave blank) the
> following columns in money.credit_
>
> cc_type
> cc_number (last 4)
> expire_month
> expire_year
> cc_first_name
> cc_last_name
>
> Thoughts?
>
> To manage notifications about this bug go to:
> https:/
>