Security and CC compliance?

  • We just realized that past logs included CC numbers and information with no warning when enabling the logs that this happens. We see this has been masked in a recent update, but then we also saw the last topic about password stored in clear texts. Does this plugin go through any kind of security checks or CC compliance? Are there any other places the CC info is stored on the server the plugin is running on?

    Storing CC numbers on a customer’s website without their knowledge can put them in a lot of risk.

    Thanks for the support

Viewing 1 replies (of 1 total)
  • Plugin Contributor angelleye

    (@angelleye)

    They logs are typically masked, so it was never considered to inform the user about log file security. A mistake was made, though, which left some logs with CC details. As you saw, we fixed that, but you’ll need to clear out any old logs you may have as you’ve already discovered.

    Sorry for any trouble there. We can assure you at this point there are no CC details being saved in any log files.

    As for the API credentials, we will be reviewing this and making any necessary adjustments in the 1.4.0 release of the plugin.

    If you ever do find any issues please submit them here or on GitHub and we’ll address them ASAP.

    Thanks!

Viewing 1 replies (of 1 total)
  • The topic ‘Security and CC compliance?’ is closed to new replies.