Comment 13 for bug 1474051
Revision history for this message
| Rogan Hamby (rogan-hamby) wrote Re: [Bug 1474051] Re: Avoid storing partial credit card payment info | #13 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
That sounds like consent via disinterest.
On Tue, Jul 21, 2015 at 10:59 AM, Bill Erickson <email address hidden> wrote:
> Noting for future reference that my "does anyone care?" email has gone
> unanswered for 1 week.
>
> --
> You received this bug notification because you are subscribed to
> Evergreen.
> Matching subscriptions: evergreenbugs
> https:/
>
> Title:
> Avoid storing partial credit card payment info
>
> Status in Evergreen:
> New
>
> Bug description:
> Evergreen 2.8
>
> When a (non-Stripe) credit card payment is made in Evergreen, some
> card data is stored locally in the EG database. Retaining even
> partial credit card payment information considerably raises the bar
> for PCI compliance. Since most vendors (I think, certainly PayPal)
> allow you to retrieve payment information directly from them with the
> approval code / order number, storing the data locally in Evergreen is
> also redundant.
>
> I'd like to propose that we drop (or anonymize, or leave blank) the
> following columns in money.credit_
>
> cc_type
> cc_number (last 4)
> expire_month
> expire_year
> cc_first_name
> cc_last_name
>
> Thoughts?
>
> To manage notifications about this bug go to:
> https:/
>