5.1 Configuration
If you use any of the credit card payment modules to manually process credit card transactions, the numbers normally are stored in your database in plain text. To offer your customers greater security, you can opt to encrypt these numbers.
To use credit card encryption, go to Admin => Encrypt & Decrypt => Configuration:
Select Enable CC encryption, click "Edit," and select "True."
This module uses a Key File to encrypt and decrypt the data. The default Key File is "cc_key.php," and it is stored in the folder called key/ in the includes/ directory. If you wish to specify a new folder within the includes/ directory, select Path to key file, click "Edit," and enter the new directory path. Click "Update" when you are done.
If you wish to use a different key for encryption and decryption, select Key File Name, click "Edit," and enter the new filename. Click "Update" when you are done.
5.2 Encrypting and Decrypting Credit Cards
To encrypt all credit card numbers, go to Admin => Encrypt & Decrypt => Update CC Data and click the "Encrypt" button at the top of the screen. To encrypt individual credit card numbers, select the number then click the "Encrypt" button in the edit menu.
To decrypt all credit card numbers, click the "Decrypt" button at the top of the screen. To decrypt individual credit card numbers, select the number then click the "Decrypt" button in the edit menu.
5.3 Purging Credit Card Records
Once you have processed a transaction and the payment has cleared, it is good management practice to delete the credit card numbers from your database. Go to Admin => Encrypt & Decrypt => Purge CC Data, select the credit card number, and click the "Remove" button in the edit menu.
5.4 Managing Encryption Keys
You should periodically change your encryption key as a security measure. CRE Loaded comes with two key files already in place. You can periodically switch between these keys or create your own.
Go to Admin => Encrypt & Decrypt => Manage Keys:
| Warning: Do not edit the primary key file for your site once you have begun encrypting data. This may cause the loss of any existing data you have encrypted. |
To create a new encryption key, click the "Edit" button beside New key file. Enter your new key -- you may enter anything you want, from a phrase to a random set of numbers and letters. The longer the phrase, the more secure your data will be. Inclusion of numbers and use of both upper and lower case characters will also make your phrase more difficult for a hacker to guess.
Once you have entered the new key, click "Save." The new key will be displayed for your verification -- click "Save" to use this as your new encryption key. If you made a mistake, click "Restore" and the previous key will be restored.
Once you have created a new key, go to Convert CC Data. Click "Convert" to convert the existing encrypted data to the new key. The process converts the data by decrypting with the old key and encrypting with the new one; it then copies the "Primary Key File" to a back-up file and moves the "New key file" to the "Primary Key File."
5.5 Credit Card Blacklist
This menu lets you store any individual credit cards you want to specifically refuse to accept -- stolen or fraudulent cards, or even cards from problem customers.
Go to Admin => Tools => Credit Card Blacklist. Click "Insert," then enter the credit card number you wish to decline and click "Save." Be sure to enter the credit card number without any dashes or spaces.
To remove a card from your Blacklist, simply highlight it and click "Delete." You will be asked to confirm your choice by clicking "Delete" a second time.
