add CC info to database


capdesign
July 8th, 2004, 05:46 PM
Any reason I could not add a field to the database and modify the SQL statement to write the CC number to the database?

My client really needs this as they will not be processing online, but email is unacceptable.

Jamie
July 8th, 2004, 08:28 PM
Hi,

Thanks for posting. That would definitely be possible if you are familiar with PHP. We don't recommend it, as it can be a big liability. If you were to do that, I would highly suggest you access the admin section of the cart using a secure URL instead of a regular http:// one.

The method Squirrelcart offers to send the credit card info uses a transpose number to alter the CC number before sending via email. You can read more about it here:

http://www.squirrelcart.com/help/?4.5.1.2.4

Thanks,
Jamie

capdesign
July 8th, 2004, 08:46 PM
I just get an error when I try to access that link...

Do you really think that accessing CC info online over an SSL connection is really less safe than getting an email... even an "encrypted" one?

What are the dangers that you see?

Jamie
July 9th, 2004, 01:21 AM
Hmmm...that's strange...the link works OK for me. This one is more direct:

http://www.squirrelcart.com/help/EmailingCreditCardInfo.html

We don't recommend using the email CC feature, but we have had so many requests for something similar that we added it. It is not using encryption. It is a basic addition that is performed on the CC number before it is sent, using a lengthy transpose number that you provide. You have to subtract that number to get at the actual credit card number. The danger with this is that if someone were to get a hold of your transpose number, and intercepted the email, they could obtain the CC number.

I wouldn't recommend storing the CC numbers in the database either. The risk would be if someone got access to your MySQL database, either directly through MySQL, through a database backup, or through the server's file system. The most secure method is to not store the CC info.

We will be looking into other methods of securing CC data in the future.

Thanks,
Jamie
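
The transpose scheme described in the post above, as an added Python example that is not part of the thread and is not Squirrelcart's code. The function names, the test card number and the transpose number are constructed, and the Luhn check on recovery is an assumption added here so that a wrong transpose number or a mistyped value is caught instead of silently producing a bad card number.

```python
# Added example: add a transpose number before emailing, subtract it on receipt.
# This is plain arithmetic, not encryption: the transpose number is the only secret.

EXAMPLE_CARD = "4111 1111 1111 1111"        # constructed: well-known test number
EXAMPLE_TRANSPOSE = 83920174655012349876    # constructed transpose number


def luhn_ok(number: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def transpose(card_number: str, transpose_number: int) -> str:
    """Value that would be placed in the email: card number + transpose number."""
    digits = card_number.replace(" ", "").replace("-", "")
    if not luhn_ok(digits):
        raise ValueError("input is not a valid card number")
    return str(int(digits) + transpose_number)


def recover(emailed_value: str, transpose_number: int) -> str:
    """Merchant side: subtract the transpose number, then sanity-check the result."""
    candidate = str(int(emailed_value) - transpose_number)
    # A negative or non-Luhn result means the wrong transpose number was used
    # or the emailed value was altered or mistyped.
    if not luhn_ok(candidate):
        raise ValueError("recovered value fails the Luhn check")
    return candidate


if __name__ == "__main__":
    emailed = transpose(EXAMPLE_CARD, EXAMPLE_TRANSPOSE)
    print("emailed value:", emailed)
    print("recovered:    ", recover(emailed, EXAMPLE_TRANSPOSE))
```
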