unencrypted credit card info in commerce_order and commerce_order_revision tables
Using commerce kickstart 7.x-1.13
I found unencrypted credit card info in commerce_order, commerce_order_revision and cache_form tables. Scared the hell out of us.
Where is this coming from and how do we prevent saving this info.
Debugging determined that this info is put in after we processed the card through authorize.net. It is not occurring in that module. But we have not determined where it is being put it yet.
Any ideas from the community?
As a workaround we have installed a hook to x out this data During Checkout Pending state.