Secure credit card storage
By default, when an order is created, the full credit card number is encrypted and stored in the TORDERPAYMENT database table. This can be changed on a store-by-store basis by disabling the Save full credit card # with orders option in the Commerce Manager.
When Save full credit card # with orders is disabled, the system masks credit card numbers (************2563) before storing them in the CARD_NUMBER column. When it's enabled, card numbers are encrypted before being stored (DGHFE3JH7DAS9DAOKJ9ASDSAD).
The following functionality can be disabled for orders created in a store where Save full credit card # with orders was disabled at order creation time:
- Shipment modification (any increase in shipment total)
- Split shipments (creating a new shipment on an order)
- Exchanges (where the exchange order > return value)

In these situations, the CSR will need to enter the credit card details again (i.e., ask the customer for their credit card information over the phone).
The Save full credit card # with orders option can be enabled or disabled at any time via the Commerce Manager. If Save full credit card # with orders is disabled and orders were created during the time it was enabled, you can use the CryptoTool to decrypt all credit card numbers and rewrite them as masked values for all orders in a specified store.
If Save full credit card # with orders is enabled and orders were created during the time it was disabled, only orders created after the change will support the Commerce Manager order management functionality described above.
Using the CryptoTool
The CryptoTool command line application is located in the Elastic Path source code base under ep-cryptotool. It is most commonly used to decrypt, mask, and encrypt card numbers stored in the TORDERPAYMENT table, but it can encrypt/decrypt data in any column in any table in the database.
The following shell script reads the CARD_NUMBER column of each row in the TORDERPAYMENT table, decrypts it using the specified decryptKey, writes the new decrypted and masked value to the MASKED_CARD_NUMBER column, and sets the CARD_NUMBER column to null.

    #!/bin/bash
    # Build the classpath from every JAR under lib/ plus the compiled classes.
    export INCLUDE=`echo lib/*.jar|tr ' ' ';'`
    export CLASSPATH=".;bin/main;$INCLUDE"
    # JVM options: enable assertions and set the heap size.
    export JAVA_OPTS="-ea -Xms256m -Xmx512m"
    echo $CLASSPATH
    echo 'warning: using default options (--decryptKey, --dryRun)'
    java -cp $CLASSPATH $JAVA_OPTS com.elasticpath.util.cryptotool.CryptoTool -dbUser 'root' -dbPass '' \
      -jdbcDriver 'com.mysql.jdbc.Driver' \
      -dbUrl 'jdbc:mysql://localhost:3306/EP6_MAIN_DB?useUnicode=true&characterEncoding=UTF8' \
      -stores 'SNAPITUP' -mask -decryptKey \
      "this must be changed in production" -verbose -dryRun "$@"
    java $JAVA_OPTS com.elasticpath.util.cryptotool.CryptoTool \
      --dbUser 'root' \
      --dbPass '' \
      --jdbcDriver 'com.mysql.jdbc.Driver' \
      --dbUrl 'jdbc:mysql://localhost:3306/COMMERCE_DB_640?autoReconnect=true' \
      --stores \
      --mask \
      --decryptKey "this must be changed in production" \
      --verbose \
      --dryRun \
      "$@"
The dryRun option prevents the tool from actually making changes in the database.
Running this script outputs the following:
    $ ./cryptotool.sh
    warning: using default options (--decryptKey, --dryRun)
    Elastic Path CryptoTool
    Beginning database updates.
    Row 1
    CARD_NUMBER: yChjFFVtLhBFLaPqPVhHmdfW1/3ka8IWWj2L7y+2cUs=" > null
    MASKED_CARD_NUMBER: null > ************1111
    Row 2
    CARD_NUMBER: yChjFFVtLhBFLaPqPVhHmdfW1/3ka8IWWj2L7y+2cUs=" > null
    MASKED_CARD_NUMBER: null > ************1111
    Row 3
    CARD_NUMBER: yChjFFVtLhBFLaPqPVhHmdfW1/3ka8IWWj2L7y+2cUs=" > null
    MASKED_CARD_NUMBER: null > ************1111
    Row 4
    CARD_NUMBER: yChjFFVtLhBFLaPqPVhHmdfW1/3ka8IWWj2L7y+2cUs=" > null
    MASKED_CARD_NUMBER: null > ************1111
    Row 5
    CARD_NUMBER: yChjFFVtLhBFLaPqPVhHmdfW1/3ka8IWWj2L7y+2cUs=" > null
    MASKED_CARD_NUMBER: null > ************1111
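The dry-run output can be checked mechanically before the tool is run without dryRun. The following is an added example, not part of the Elastic Path code base: a bash function that fails unless every row clears CARD_NUMBER to null and writes a MASKED_CARD_NUMBER consisting of asterisks followed by four digits. It assumes the output carries one field per line; check_dryrun, sample_good and sample_bad are hypothetical names, and the sample rows are constructed.

```bash
#!/bin/bash
# Added example, not Elastic Path code. Assumes the dry-run output has one
# field per line: "Row N", "CARD_NUMBER: old > new", "MASKED_CARD_NUMBER: old > new".

# Reads CryptoTool --dryRun output on stdin; returns 0 only if every row is safe.
check_dryrun() {
  awk '
    function finish_row() {
      if (row != "" && !(card_ok && mask_ok)) { bad++; printf "Row %s: FAIL\n", row }
    }
    /^Row [0-9]+$/ { finish_row(); row = $2; rows++; card_ok = 0; mask_ok = 0; next }
    # The encrypted value must be replaced by null.
    /^CARD_NUMBER: /        { card_ok = ($(NF-1) == ">" && $NF == "null"); next }
    # The new masked value may expose only the last four digits.
    /^MASKED_CARD_NUMBER: / { mask_ok = ($(NF-1) == ">" && $NF ~ /^\*+[0-9][0-9][0-9][0-9]$/); next }
    END {
      finish_row()
      printf "rows=%d bad=%d\n", rows, bad
      exit (rows == 0 || bad > 0) ? 1 : 0
    }
  '
}

# Constructed sample: banner lines are ignored, both rows are acceptable.
sample_good() { cat <<'EOF'
Elastic Path CryptoTool
Beginning database updates.
Row 1
CARD_NUMBER: CONSTRUCTED-CIPHERTEXT-1 > null
MASKED_CARD_NUMBER: null > ************1111
Row 2
CARD_NUMBER: CONSTRUCTED-CIPHERTEXT-2 > null
MASKED_CARD_NUMBER: null > ************2563
EOF
}

# Constructed sample: row 2 keeps its ciphertext and exposes six leading digits.
sample_bad() { cat <<'EOF'
Row 1
CARD_NUMBER: CONSTRUCTED-CIPHERTEXT-1 > null
MASKED_CARD_NUMBER: null > ************1111
Row 2
CARD_NUMBER: CONSTRUCTED-CIPHERTEXT-2 > CONSTRUCTED-CIPHERTEXT-2
MASKED_CARD_NUMBER: null > 411111******1111
EOF
}

sample_good | check_dryrun && echo "dry run looks safe"
sample_bad  | check_dryrun || echo "do not run without --dryRun yet"
```

Against the real tool the function would be fed as `./cryptotool.sh | check_dryrun`; a run that reports zero rows is also treated as a failure, since it usually means the store filter matched nothing.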