Leaderboard

Mastercard/Visa rules are clear that the CVV may not be stored in any form. Sending the CVV over email is storing as the message is sent to a mail server where it is retained. Moreover, sending any card data over email is extremely insecure, especially in plain-text. All that's needed to process a card in most instances is the number, expiration date, and CVV. If the email contained the CVV, and 8-digits of the card number, it's entirely possible to guess the expiration date and the other 8 digits, as the first four digits tell you the card type and the Luhn alogrithm narrows it down significantly. PCI also states that any portion of the card number stored must be encrypted. This includes the last four digits as well, so again, sending that in plain-text over email is a big no-no.

yes... upgrade sucess !! and no problems Thanks

There isn't a way in Blesta to limit a customer to ordering a product only once. After all, they could go to the order form without being logged in, select the product they want, then login afterward. If such a 1-time limit was set, Blesta would have to then remove the product upon login, and display an error message regarding this removal.