Credit card numbers for orders paid by Real-time payment gateways will only be stored for 120 days.

Once an order is over 120 days old the credit card number will be purged (removed) from the order. Orders where a credit card number has been purged will display the statement "Removed in accordance with data security policies." in place of the credit card number. All other payment information for this order will remain, such as the cardholder name and authorization/transaction code.

This takes affect at the time the 4.1.4 update is released to your site, so any order over 120 days old will have the credit card number removed.

Please Note: This policy does not apply to credit card numbers collected through a Custom Payment method. Purging of custom data will be reviewed at a later date.

Data security standards do not allow the full credit card number to be sent within emails. The credit card number will always be masked (************1234) within all emails from the MC software, whether collected through real-time or custom payment method.

Therefore the following site wide settings will be removed:

• Display Value of Encrypted Fields in Order Emails
• Display Value of Encrypted Fields in Manufacturer Emails
• Display Value of Encrypted Fields in Warehouse Emails

All payment information collected in checkout through a Custom Payment Method will be encrypt when stored; therefore, the "Encrypt" checkbox is no longer needed to control the encryption of payment information.

To continue to allow Admin Users to control what payment information is sent in the New Order, Order Confirmation, Warehouse or Manufacturer emails, the 'Encrypt' checkbox and value will now be associated with new 'Hide in Email' functionality.

The 'Hide in Email' checkbox allows an Admin User to specify certain fields within a Custom Payment option that will not be included in any emails. If you previously had the 'Encrypt' box checked for a Custom Payment input field, then this information will not be included in emails.

Just as was previously released for orders paid by online payment gateways (v4.1.3), if an order was paid by a Custom Payment Method that collects a credit card number, this number will be masked by default within the Order Editor & Print Invoice. To view credit card information, the user must either be a Super Admin or an Admin that has permission.

For more information on this update please see the QuickGuide Viewing Credit Card Information in the Admin Panel

Many Admin Users that use the Custom Payment Manager to collect credit card numbers need to print the full card number in the invoice in order to process the payment through a separate terminal, etc. Because of this there is a business need for some Admin Users to be able to print the full credit card number for custom payment orders.

Therefore while a real-time credit card number will continue to always be masked within the Print Invoice, Admin Users with permission will be able to print the full credit card number collected through a custom payment method.

The Order Invoice Print Setting ‘Display Full Credit Card Information' now only applies to orders paid by a Custom Payment Method. If this setting is set to 'Yes' and the Admin User has the permission 'Allow User To View Full Credit Card Information' checked then the full credit card number will display in the Print Invoice.

With the new payment data security and error handling added within release 4.1.4, the export formats for DataPort have been updated to properly handle instances where the payment information is not available. If the payment information cannot be retrieved then the export file is adjusted. This adjustment is based on the payment method for the order.

• Real-time Gateway Payment Method
  The Card_Number field within the csv export is populated with the credit card number value for orders paid by a real-time payment gateway. If there is an error retrieving the credit card number when building the export file, a message indicating the issue will be placed within the Card_Number field of the export instead.
  The message inserted is based on the reason why the card number is not available:
      a. If the system is unable to save the payment information during checkout, the message will be:
          “Error saving Card Number during checkout process.”
  
      b. If the system is unable to retrieve the payment information at the time requested, the message will be:
          “Unable to retrieve this information at this time. Please try again later.”
  
      c. If the credit card information was purged, the message will be:
          The message will be “Removed in accordance with data security policies.”



• Custom Payment Method
  The Card_Number field within the csv export is populated with the credit card number value for orders determined to include a credit card number collected by a custom payment method. If there is an error retrieving the payment information when building the export file, a message indicating the issue will be placed within the CustomPaymentInfo field of the export instead.
  The message inserted is based on the reason why the card number is not available:
      a. If the system is unable to save the payment information during checkout, the message will be:
          “An Error occurred while saving payment information during checkout, please contact customer.”
  
      b. If the system is unable to retrieve the payment information at the time requested, the message will be:
          “Unable to retrieve this information at this time. Please try again later.”
  

With the new payment data security and error handling added within release 4.1.4, the export formats for MonsterBooks have been updated to properly handle instances where the payment information is not available. If the payment information cannot be retrieved then the export format is adjusted. This adjustment is based on the payment method for the order.

• Real-time Gateway Payment Method
  The credit card number value within the export format is populated with the credit card number value for orders paid by a real-time payment gateway. If there is an error retrieving the credit card number when building the export content, a blank value will be sent instead of the card number or a text error message. All other payment information will be sent as normal.



• Custom Payment Method
  The credit card number value within the csv export is populated with the credit card number for orders determined to include a credit card collected by a custom payment method. If there is an error retrieving the credit card number when building the export content, a blank value will be sent instead of the card number or a text error message. Please log into your Admin Panel to retrieve the custom payment information for this order.