Last Modified: 10.10.2012
To provide the maximum operability of the order handling process, the system is able to receive payments via credit cards. It is clear that credit card operations must as secure as possible. The system uses the most robust encryption mechanisms to prevent any misuse or malicious use of credit card information of your customers. You can find the credit card security options in the e-Store module settings:
- Security of the credit card operations are ensured by using a unique password, and choosing the required algorithm for the credit card number encryption.
If you fail to provide the path to the encryption password file, the system warns you by showing the corresponding banner (in red). The best way to keep this file safe is to store it outside of the site root directory, but make it available for reading by the PHP interpreter at the same time. For example: d:/projects/siteman/bitrix/modules/sale/install/data.php. In this file, you have to define a special variable $pwdString whose value would be the credit card number encryption password.
Important! A strong password must contain letters and digits and have over 20 symbols.
The system comes with the sample password file (the password is initially empty). This file can be found in /bitrix/modules/sale/install/data.php.
$pwdString = "";// Provide password here (at least
// 20 letters and digits is recommended)
- Choose the encryption algorithm. RC4 does not require any additional modules. AES and 3DES requires the Mcrypt PHP module to be installed.
Encryption algorithms are mutually incompatible. You will not be able to change algorithm after the real credit card numbers appear in the database.
You can add credit card data here: e-Store -> Customers accounts -> Credit cards. Clicking Add new credit card opens a credit card information form:
- User: a credit card is bound to a registered user. Choose one of the registered users by clicking .
- Payment system: choose the payment system that will be used to process payments performed with a given credit card.
- Credit card type and Currency: choose the credit card type and the currency in which payments can be performed.
The credit card number is verified using the algorithm specified by the card developer (Visa, MasterCard etc.) The credit card number is not a set of random digits; an attempt to save a record with an incorrect number throws a warning message:
- Currency of amounts: if you provide the maximum and/or minimum amounts that can be withdrawn from the card, choose here the currency in which the amounts are specified.