About storing card numbers

  • Resolved lawnmowerdeadman

    (@lawnmowerdeadman)


    2 weeks, 3 days ago

    In the payment settings of woocommerce, there are the following items.

    Customer Profiles

Check to enable tokenization and allow customers to securely save their payment details for future checkout.

    If you check this, you can register the card you have used once, and I understand that it is a system that will make your next purchase smoother, but
    does turning this on mean that I will have to manage some of the card information?
    When I checked, it seems that the registrant manages it individually, and all but the last four digits are obscured, but I am worried about the issue of handling personal information.

    If it is recorded on my server, I would like to refrain from using it for security reasons, but do you know where this information that I have set is recorded in the configuration file?

    Thank you in advance.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Moses M. (woo-hc)

    (@mosesmedh)

    Hi @lawnmowerdeadman,

    WooCommerce does not store full card details when tokenization is enabled. The payment gateway (e.g., Stripe, PayPal) securely saves the card and provides a token to WooCommerce. Your site only stores the last four digits and expiry date for display.

    Since everything is handled by the payment gateway, you won’t need to manually manage payment info or cards. Card details are not recorded on your server, reducing security risks.

    If you prefer not to store any payment data, you can disable tokenization in WooCommerce settings. Let me know if you need help finding the option!

    Thread Starter lawnmowerdeadman

    (@lawnmowerdeadman)

    Hi @mosesmedh

    Thank you for your answer.

    After hearing this, I turned off ”Check to enable tokenization and allow customers to securely save their payment details for future checkout.”.

    However, I have a question.

    It was on until now, but I understood that the token was registered on the woocommerce side by then, but is that a correct understanding?

    I understand that the token ID is just a reference ID and card information cannot be restored, but if you want to thoroughly manage customer information, I think this token information should also be deleted.

    Do you know where this token ID is stored and how to delete it?

    Plugin Support Jonayed (woo-hc)

    (@jonayedhosen)

    Hey @lawnmowerdeadman ,

    Thanks for reaching out!

    It was on until now, but I understood that the token was registered on the woocommerce side by then, but is that a correct understanding?

    Yes, your understanding is absolutely correct. When tokenization is enabled in WooCommerce, payment tokens are securely stored in your site’s database. These tokens allow customers to save their payment methods for future purchases. Importantly, the tokens don’t store sensitive card details directly; instead, they store a reference provided by the payment gateway to ensure the card information remains secure.

    Do you know where this token ID is stored and how to delete it?

    As for where the token IDs are stored and how to delete them: WooCommerce uses a Payment Token API to manage payment methods securely. The tokens themselves are saved in the wp_woocommerce_payment_tokens table, and any associated metadata is stored in the wp_woocommerce_payment_tokenmeta table.

    You can easily review and manage the tokens by navigating to these tables and selecting the token IDs you want to delete. For more information: https://developer.woocommerce.com/docs/woocommerce-payment-token-api/

    Feel free to reach out if you need more guidance on this!

    Thread Starter lawnmowerdeadman

    (@lawnmowerdeadman)

    Hi @jonayedhosenayedhosen

    Thank you for your answer.

    Based on your answer, I deleted the token ID, which is the content of the file that stores the information.

    I tried checking my profile from the user profile in the wordpress dashboard, and confirmed that “Square Payment Tokens” was blank.

    After that, when I left the page or updated it, it was automatically re-registered, and the information was updated in the file that contained the token ID that I was told about earlier. I thought I deleted it.

    In the settings of woocomerce > Payment > Square,

    “Customer Profiles Check to enable tokenization and allow customers to securely save their payment details for future checkout.”

    I have unchecked this, so why is the token ID recorded as if it were resynchronized?

    I don’t know if this is synced with the Square side, but is it impossible for me not to retain this information?

    Or do I need to make other settings to prevent card information such as the token ID from being recorded?

    Plugin Support Moses M. (woo-hc)

    (@mosesmedh)

    Hi @lawnmowerdeadman,

    I completely understand your concerns about security, but there’s no need to worry, as there’s no security risk involved.

    To clarify, the reason this was regenerated is that the reference comes from the payment gateway. When you update, WooCommerce detects missing data—even if you deleted it—and automatically repopulates the database.

    Since tokenization is disabled, no new data will be stored. If you want to remove your saved card, you’ll need to do so from your My Account page rather than directly from the database. The same applies to other users.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.