PayPal Direct detail capture

4 years ago
Hi all,

I'm looking through the Order table for gathering payment types and am noticing that I'm not seeing specific items that would be incredibly helpful, specifically:

CardType, CardName

I've got the maskedCreditCardNumber, no problem. When I look at the order header, the PaymentMethodSystemName is Payments.PayPalDirect.

I have AllowingStoringCreditCardNumber set to 0. Is this something where I have t omidify the actual plugin to save this info?

Tanks,
Jon
4 years ago
BostonEDIGuy wrote:
Hi all,

I'm looking through the Order table for gathering payment types and am noticing that I'm not seeing specific items that would be incredibly helpful, specifically:

CardType, CardName

I've got the maskedCreditCardNumber, no problem. When I look at the order header, the PaymentMethodSystemName is Payments.PayPalDirect.

I have AllowingStoringCreditCardNumber set to 0. Is this something where I have t omidify the actual plugin to save this info?

Tanks,
Jon


The card name would actually be the name on the billing address associated with the order.  The card type and credit card number are stored if you modify the plugin to set AllowStoringCreditCardNumber to true in the ProcessPaymentResult object.
That said, if you are using PayPal Direct, storing this information is unnecessary since you basically use Transaction IDs after the sale - to process refunds for example.
In addition, storing the credit card information in full, even if it is encrypted, is not recommended and you would have no chance of your site becoming PCI compliant.
4 years ago
f1ana wrote:

The card name would actually be the name on the billing address associated with the order.  The card type and credit card number are stored if you modify the plugin to set AllowStoringCreditCardNumber to true in the ProcessPaymentResult object.
That said, if you are using PayPal Direct, storing this information is unnecessary since you basically use Transaction IDs after the sale - to process refunds for example.
In addition, storing the credit card information in full, even if it is encrypted, is not recommended and you would have no chance of your site becoming PCI compliant.


I misspoke here.  You can still be PCI compliant if you store the full info in an encrypted fashion (which Nop does).  Source here:  https://www.pcicomplianceguide.org/how-can-we-securely-store-credit-card-data-for-recurring-billing/
I just thought about recurring billing and did not consider that this may be your use case.  If you do not have plans to utilize recurring billing, then no need to set AllowStoringCreditCardNumber to true.
I've deployed a customized build of NopCommerce in the medical space and our requirements were not to store credit card information at all (not even the masked info!)  It still uses the encryption service but literally encrypts/decrypts to "No credit card on file."  :)