Changes to Encryption in Miva Merchant Version 9.0005
To improve security, the following payment modules in Miva Merchant 9.0005 will only store the last 4
digits of credit card numbers unless encryption is enabled.
- Authorize.Net Payment Services v3.1
- CHASE Paymentech Orbital Gateway
- First Data Global Gateway
- Intuit Merchant Services
- PayPal Payments Advanced in Payflow Pro mode
If you enable encryption, you can configure the Payment Module to store the entire credit card number.
You'll be able to view the encrypted credit card numbers by entering your passphrase.
Example - Using Authorize.Net Without and With Encryption
- We'll install the Authorize.Net module and configure it to store the entire credit card number. At the
moment, we are not using encryption.
- A customer buys something in our store using their American Express card.
We configured the Payment Module to save the entire credit card number, but since we aren't using
encryption right now, only the last 4 digits are saved. Even after we enable encryption we won't be
able to view the entire credit card number, since it wasn't written to the store database
- Now we'll enable encryption (see To Enable Encryption in Your Store).
- A second customer buys a product in our store using their American Express card.
Encryption is enabled and the Payment Module is set up to store the entire credit card number. The
credit card number doesn't automatically display when we view the order, but we can see the entire
number by clicking on the padlock icon and entering our passphrase.
- Updating your store to Version 9.0005:
- You may want to delay upgrading to Miva Merchant 9.0005 until you have verified that you have
no processes or integrations that rely on unencrypted card numbers.
- Credit Card Payment with Simple Validation:
- In Miva Merchant 9.0005, the Credit Card Payment with Simple Validation module will not
process payment unless encryption is enabled.
- In a new 9.0005 store, the Credit Card with Simple Validation module will not appear on the list
of available modules, unless encryption is already enabled.
- The 9.0005 upgrade will not install if Credit Card with Simple Validation is installed and there is
no valid encryption key.