Credit cards numbers are stored as MD5 hash and the last four digits, and the plug-in can be used without breach of PCI DSS (Payment Card Industry Data Security Standard).
Note: In Billing, the full numbers of cards are shown in the black list of credit cards. This does not comply with PCI Security Standards. Thus, when using Billing, disable the credit cards black list to make Billing compliant with PCI DSS.
To configure the plug-in:
- Open System > Settings > Fraud Screening.
- Select the Black List of Credit Cards plug-in by clicking the respective link in the Plugin Name column.
- Click Add New CC Number. Fill out the form:
- Input a credit card number into the CreditCard Number field.
- Select the Enabled option to enable the mask. Before the mask is enabled it is presented in the masks list, but remains unavailable for using in fraud screening rules.
- Click Save to finish adding new mask.
Note: Under specific configuration of fraud screening, the following problem may arise: when a payment is refunded, all its parameters are put into the black lists that are configured (e.g. the customer credit card, black list of service plans, etc). To handle the situation, after refunding, the staff member must adjust the black lists if required (for example, if the credit card is not supposed to be included to the list, staff member must delete it from the list manually after refunding the payment).