Looking for the v10 manual? Visit our new user's guide!
Search Descriptions Version
This article applies to: ML v7, ML8, MultiStore

Storing Credit Cards


Below is a list of frequently asked questions relating to the storage of credit card information within AspDotNetStorefront. 

1.) Does AspDotNetStorefront allow the storage of credit card information?
Yes, but storing CC's is not recommended. The appconfig parameter StoreCCinDB can be set to true to store credit card numbers/expiration dates in the database.

2.) Does AspDotNetStorefront store the credit card verification code (CCV2)?
Only for the time it takes to conduct the immediate transaction using a live payment gateway and then it is wiped per PA-DSS procedural guidelines. The CCV2 is never stored longer than needed during checkout and encrypted even during that period. Furthermore, CCV2 numbers are NEVER stored within the database. 

3.) Do you encrypt expiry dates that are stored in the database?
No, again, we recommend you not store any CC info in the db. It's not needed with modern payment gateway. We have a large list of implemented payment gateways that do not require the storage of CC information found on our features matrix at www.aspdotnetstorefront.com/t-features.aspx.