Jump to content
  • 0

Eway Question - Card Info Stored Locally Or On Eway?


Question

Posted

I've been looking into using either Stripe or eWay and thus far have been testing out Stripe. I noticed with Stripe it has a checkbox that allows you to check it so that card data is stored on Stripe and not locally, but eWay doesn't have this same checkbox - where is the data stored if the user sets up automatic payments?

 

Thanks!

5 answers to this question

Recommended Posts

  • 0
Posted
  On 10/18/2014 at 3:43 PM, Paul said:

http://docs.blesta.com/display/user/eWay

 

Token Storage is not currently supported (I think this is it https://www.eway.com.au/developers/api/token), but would make a good feature request. Most likely it was not available when we initially implemented eWay.

 

Thanks. :)

 

Ok, so basically you're saying if you use eWay then the card number will be stored locally, that is until if and when tokens are implemented?

 

From what I can see with Stripe only the last 4 digits are stored in an encrypted state.

  • 0
Posted
  On 10/18/2014 at 4:08 PM, gutterboy said:

Thanks. :)

 

Ok, so basically you're saying if you use eWay then the card number will be stored locally, that is until if and when tokens are implemented?

 

From what I can see with Stripe only the last 4 digits are stored in an encrypted state.

 

That's right. With gateways that support tokenization, Blesta stores the last 4 encrypted and the expiry date. The last 4 are stored so the client can identify the card in the payment account, and the expiry so that the client can be notified when their card is expiring and needs to be updated. CVV data is NEVER stored in Blesta.

 

If we implement token storage for eWay, it will then support both local and tokenized storage of card numbers. Some people prefer local storage, because it means they are not "locked" into using a particular gateway. Of course, tokens are much more secure and we recommend using token storage whenever possible.

  • 0
Posted
  On 10/18/2014 at 10:02 PM, Paul said:

That's right. With gateways that support tokenization, Blesta stores the last 4 encrypted and the expiry date. The last 4 are stored so the client can identify the card in the payment account, and the expiry so that the client can be notified when their card is expiring and needs to be updated. CVV data is NEVER stored in Blesta.

 

If we implement token storage for eWay, it will then support both local and tokenized storage of card numbers. Some people prefer local storage, because it means they are not "locked" into using a particular gateway. Of course, tokens are much more secure and we recommend using token storage whenever possible.

 

Thanks very much Paul!

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...