If it is does this make it non pci compliant?
If it is does this make it non pci compliant?
Not by default, it is an app config parameter whether to store it or not. I dont remember the param off the top of my head though.
The AppConfig parameter is StoreCCInDB, the decision is still up to the customer if they will want the CC to be stored; however, even if the information is stored, they are completely sealed/hashed/encrypted so no human being could read or tamper it...
I recently upgraded to multi-store and found a change.
In V8, you could store the CC for recurring orders, and it was hashed, encrypted etc. And recurring customers called in to update their credit cards, and Admin was able to do it by going in to their billing address in the customer section.
In V9, we try that and their is no CC area in site anymore. So it appears we can't replace the customer's credit card unless we want to force him to buy something from the site.
What is the work around for this?