Vote up!
Vote down!

unencrypted credit card info in commerce_order and commerce_order_revision tables

Using commerce kickstart 7.x-1.13
I found unencrypted credit card info in commerce_order, commerce_order_revision and cache_form tables. Scared the hell out of us.
Where is this coming from and how do we prevent saving this info.
Debugging determined that this info is put in after we processed the card through authorize.net. It is not occurring in that module. But we have not determined where it is being put it yet.
Any ideas from the community?
As a workaround we have installed a hook to x out this data During Checkout Pending state.

Asked by: bbarnes
on January 14, 2013

2 Answers

Vote up!
Vote down!

We found the root cause of our issue. We were using a prototype authorize module and there was a call there that saved the subscription data in order->data. That line of code is so gone!

Answer by: bbarnes
Posted: Jan 23, 2013