ShopSite Forums

[Larry Bohen]

We have upgraded to version 8.0 and understand that the CVV will disappear
if one of two events occurs:

1. An order is viewed in the back office and closed;

2. An order is downloaded;

The answer may be obvious, but I need to ask if an Stone Edge Order Manager
import will make the CVV disappear?

--
Larry Bohen
www.audiobooksonline.com

[Jim]

Once the CVV has been viewed or downloaded it will be marked as
**purged** and will at that point no longer be saved. I don't know how
Stone Edge works so you will have to check with them to find out for
sure. I think they are using the db_xml.cgi to download orders so my
comment below may apply.

I did a test and if I used the db_xml.cgi method to download the orders
and it was not done in secure mode, so the credit card info was not
downloaded with the order, or if I didn't specify the "pay" parameter,
the CVV value was still viewable when looking at the order in the back
office (1st time only). I did a tab delimited download using selected
fields and did not include the CVV as one of the fields and the CVV
value was still viewable in the backoffice when viewing the order.

Jim

Larry Bohen wrote:

We have upgraded to version 8.0 and understand that the CVV will disappear
if one of two events occurs:

1. An order is viewed in the back office and closed;

2. An order is downloaded;

The answer may be obvious, but I need to ask if an Stone Edge Order Manager
import will make the CVV disappear?

[Larry Bohen]

Jim, I've asked Stone Edge and Barney's reply is: "We use the XML interface,
which ShopSite added specifically for our use (although I'm sure others use
it too, now)."

Barney further says that he has no idea if Order Manager's "Import Via
Internet" using your XML interface will trigger the new purge CVV feature.

Do you know whether using the XML interface you implemented for OM will
purge CVVs?

--
Larry Bohen
www.audiobooksonline.com
"Jim" <jstavast@xmission.com> wrote in message
news:ddjcn6$mdr$1@eval.shopsite.com...

Once the CVV has been viewed or downloaded it will be marked as **purged**
and will at that point no longer be saved. I don't know how Stone Edge
works so you will have to check with them to find out for sure. I think
they are using the db_xml.cgi to download orders so my comment below may
apply.

I did a test and if I used the db_xml.cgi method to download the orders
and it was not done in secure mode, so the credit card info was not
downloaded with the order, or if I didn't specify the "pay" parameter, the
CVV value was still viewable when looking at the order in the back office
(1st time only). I did a tab delimited download using selected fields and
did not include the CVV as one of the fields and the CVV value was still
viewable in the backoffice when viewing the order.

Jim

Larry Bohen wrote:
We have upgraded to version 8.0 and understand that the CVV will
disappear if one of two events occurs:

1. An order is viewed in the back office and closed;

2. An order is downloaded;

The answer may be obvious, but I need to ask if an Stone Edge Order
Manager import will make the CVV disappear?

[jim]

If the CCV data is downloaded it will be purged it doesn't matter if it
is done by XML or tab delimited. Note that if the XML download is done
using db_xml.cgi (what OM would be using) and a non-secure url (i.e.
http:// instead of https://) the payment information is never downloaded
so this would not remove from the order database so it would still be
available to view in the back office. Also if it is done securely and
the "pay" option is not specified in the url it will also not be
downloaded so it would still be available to view in the back office.

Note that you will have 1 shot only to get the information either if it
is viewed in the backoffice or if it is downloaded. So which ever way
you get it make sure you do what ever processing you need to while you
have access to it because you can not get it a second time. If you
download the information you will need to make sure that it is secure on
your local machine since at that point it is beyond ShopSite control and
it should be deleted as soon as you have processed the credit card.

Jim

Larry Bohen wrote:

Jim, I've asked Stone Edge and Barney's reply is: "We use the XML interface,
which ShopSite added specifically for our use (although I'm sure others use
it too, now)."

Barney further says that he has no idea if Order Manager's "Import Via
Internet" using your XML interface will trigger the new purge CVV feature.

Do you know whether using the XML interface you implemented for OM will
purge CVVs?

[Barney Stone]

The Stone Edge Order Manager can import ShopSite orders via downloaded text
files or via XML using db_xml.cgi. XML is definitely the prefered method. It
is normally done via secure connection, and with the Pay option turned on,
so it sounds like that should trigger the clearing of the CVV2 codes. Also
note that the Order Manager does NOT import CVV2 codes - it only imports the
CVV2 response, if one has been received already. Normally the merchant would
have ShopSite get a pre-authorization using the CVV2 code. The Order Manager
can then be used to capture the funds when you are ready to ship. The CVV2
code is no longer needed at that point.

Hope that helps to clarify the situation.

- Barney Stone, President
Stone Edge Technologies, Inc.
215-641-1837
www.StoneEdge.com

"jim" <jstavast@xmission.com> wrote in message
news:ddob74$dpa$1@eval.shopsite.com...

If the CCV data is downloaded it will be purged it doesn't matter if it is
done by XML or tab delimited. Note that if the XML download is done using
db_xml.cgi (what OM would be using) and a non-secure url (i.e. http://
instead of https://) the payment information is never downloaded so this
would not remove from the order database so it would still be available to
view in the back office. Also if it is done securely and the "pay" option
is not specified in the url it will also not be downloaded so it would
still be available to view in the back office.

Note that you will have 1 shot only to get the information either if it is
viewed in the backoffice or if it is downloaded. So which ever way you
get it make sure you do what ever processing you need to while you have
access to it because you can not get it a second time. If you download
the information you will need to make sure that it is secure on your local
machine since at that point it is beyond ShopSite control and it should be
deleted as soon as you have processed the credit card.

Jim

Larry Bohen wrote:
Jim, I've asked Stone Edge and Barney's reply is: "We use the XML
interface, which ShopSite added specifically for our use (although I'm
sure others use it too, now)."

Barney further says that he has no idea if Order Manager's "Import Via
Internet" using your XML interface will trigger the new purge CVV
feature.

Do you know whether using the XML interface you implemented for OM will
purge CVVs?

[loren_d_c]

"Normally the merchant would have ShopSite get a pre-authorization using
the CVV2 code."

Only if the merchant is using a real-time payment gateway (such as
VeriSign Payflow Pro, Authorize.net, or Linkpoint, etc) with ShopSite.
And in that case, ShopSite does not store the CVV2 information after
passing it off to the gateway anyway.

-Loren



Barney Stone wrote:

The Stone Edge Order Manager can import ShopSite orders via downloaded text
files or via XML using db_xml.cgi. XML is definitely the prefered method. It
is normally done via secure connection, and with the Pay option turned on,
so it sounds like that should trigger the clearing of the CVV2 codes. Also
note that the Order Manager does NOT import CVV2 codes - it only imports the
CVV2 response, if one has been received already. Normally the merchant would
have ShopSite get a pre-authorization using the CVV2 code. The Order Manager
can then be used to capture the funds when you are ready to ship. The CVV2
code is no longer needed at that point.

Hope that helps to clarify the situation.

- Barney Stone, President
Stone Edge Technologies, Inc.
215-641-1837
www.StoneEdge.com

"jim" <jstavast@xmission.com> wrote in message
news:ddob74$dpa$1@eval.shopsite.com...

If the CCV data is downloaded it will be purged it doesn't matter if it is
done by XML or tab delimited. Note that if the XML download is done using
db_xml.cgi (what OM would be using) and a non-secure url (i.e. http://
instead of https://) the payment information is never downloaded so this
would not remove from the order database so it would still be available to
view in the back office. Also if it is done securely and the "pay" option
is not specified in the url it will also not be downloaded so it would
still be available to view in the back office.

Note that you will have 1 shot only to get the information either if it is
viewed in the backoffice or if it is downloaded. So which ever way you
get it make sure you do what ever processing you need to while you have
access to it because you can not get it a second time. If you download
the information you will need to make sure that it is secure on your local
machine since at that point it is beyond ShopSite control and it should be
deleted as soon as you have processed the credit card.

Jim

Larry Bohen wrote:

Jim, I've asked Stone Edge and Barney's reply is: "We use the XML
interface, which ShopSite added specifically for our use (although I'm
sure others use it too, now)."

Barney further says that he has no idea if Order Manager's "Import Via
Internet" using your XML interface will trigger the new purge CVV
feature.

Do you know whether using the XML interface you implemented for OM will
purge CVVs?