Jump to content
  • 0

Eway Question - Card Info Stored Locally Or On Eway?

gutterboy

Asked by gutterboy,

 Share

Question

gutterboy Newbie

gutterboy

Posted
Posted

I've been looking into using either Stripe or eWay and thus far have been testing out Stripe. I noticed with Stripe it has a checkbox that allows you to check it so that card data is stored on Stripe and not locally, but eWay doesn't have this same checkbox - where is the data stored if the user sets up automatic payments?

 

Thanks!

Link to comment
Share on other sites

5 answers to this question

Recommended Posts

  • 0
gutterboy Newbie

gutterboy

Posted
  • Author
Posted

http://docs.blesta.com/display/user/eWay

 

Token Storage is not currently supported (I think this is it https://www.eway.com.au/developers/api/token), but would make a good feature request. Most likely it was not available when we initially implemented eWay.

 

Thanks. :)

 

Ok, so basically you're saying if you use eWay then the card number will be stored locally, that is until if and when tokens are implemented?

 

From what I can see with Stripe only the last 4 digits are stored in an encrypted state.

Link to comment
Share on other sites
  • 0
Paul Community Regular

Paul

Posted
Posted

Thanks. :)

 

Ok, so basically you're saying if you use eWay then the card number will be stored locally, that is until if and when tokens are implemented?

 

From what I can see with Stripe only the last 4 digits are stored in an encrypted state.

 

That's right. With gateways that support tokenization, Blesta stores the last 4 encrypted and the expiry date. The last 4 are stored so the client can identify the card in the payment account, and the expiry so that the client can be notified when their card is expiring and needs to be updated. CVV data is NEVER stored in Blesta.

 

If we implement token storage for eWay, it will then support both local and tokenized storage of card numbers. Some people prefer local storage, because it means they are not "locked" into using a particular gateway. Of course, tokens are much more secure and we recommend using token storage whenever possible.

Link to comment
Share on other sites
  • 0
gutterboy Newbie

gutterboy

Posted
  • Author
Posted

That's right. With gateways that support tokenization, Blesta stores the last 4 encrypted and the expiry date. The last 4 are stored so the client can identify the card in the payment account, and the expiry so that the client can be notified when their card is expiring and needs to be updated. CVV data is NEVER stored in Blesta.

 

If we implement token storage for eWay, it will then support both local and tokenized storage of card numbers. Some people prefer local storage, because it means they are not "locked" into using a particular gateway. Of course, tokens are much more secure and we recommend using token storage whenever possible.

 

Thanks very much Paul!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...