Card data held by OFN when using Stripe payment processor


#1

Could you please confirm what card details are held in OFN when using the Stripe payment processor? I’ve read in another post that these details are only held at Stripe. However, when I log in to the administrative area of OFN I can see the last four digits of the card for a recent payment and the expiry date of the card. Is any other card data held within the OFN system?


#2

Hello William. I am a bit new to Stripe but my understanding is that Stripe enables the shopper to authorize an OFN shopfront to use their card for ongoing transactions without the shopper having to re-enter card details each time. There is also the option for the shopper to set up several cards. So my understanding is that the full card details are held securely by Stripe and that OFN only holds a reference for each card so that the shopper can choose which card to use.

I will ask @Lynne.OFN.Tech to put me right if this is not accurate.


#3

Hi William and Nick,
Fundamentally you are correct, Nick.
OFN stores absolutely no credit card data. Instead we do a secure request to Stripe to access card details each time.
Hope that helps.
Lynne


#4

Thanks for the clarification @Lynne.OFN.Tech, but could you confirm how the OFN software is able to show the last four digits of the card and the expiry date? I found this by looking at the transaction record for a recent payment.

Screenshot below (with sensitive data removed).

Screenshot-2018-1-22 Payments - OFN Administration


#5

@wmortada Although I can’t answer the “how” in technical terms, the last four digits and expiry date can’t compromise anyone’s card information. If this is all that’s showing, all is well.


#6

Thanks @olivermuller. Yes, it’s just the last four digits and the expiry date that are showing. However, I would like to know what is actually stored in the OFN database so the “how” is quite important.

There are three possibilities that I can think of:

  1. no card details are stored in OFN and this page requests the details from Stripe
  2. OFN stores the last four digits and the expiry date in its database
  3. OFN stores the full card details in the database but only displays the last four digits and the expiry date to the user

It would be good to have confirmation so that we can be clear with our customers.


#7

Hi William,
I’ve just looked into this and can confirm that we hold only the last 4 digits and expiry date in our database.
No other card details are ever stored on our servers in any way.
As per all other data you can let us know if you want this permanently deleted. Customers are also able to delete card data themselves.
Hope that helps,
Lynne


#8

Hi Lynne,

Thanks for confirming this. I think it is good to be clear with OFN customers about what details are stored in the system.

My understanding was that no credit card data was stored at all, so this rang alarm bells when I could see some credit card details were being displayed in OFN. If we can be clear about what is and isn’t stored in the system I think that should help to retain customer confidence.

Best wishes,
William
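
Added example, not part of the thread and not OFN's code: one way an operator could check which of the three possibilities listed in post #6 applies to stored payment records, by scanning every field for Luhn-valid card numbers. The column names and sample rows are hypothetical and constructed for illustration.

```python
import re

# 13-19 digits, optionally split by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def pan_fields(record):
    """Names of fields whose value contains a Luhn-valid card number."""
    hits = []
    for name, value in record.items():
        for m in PAN_CANDIDATE.finditer(str(value)):
            if luhn_ok(re.sub(r"[ -]", "", m.group())):
                hits.append(name)
                break
    return hits

def classify(record):
    """Map a stored record to possibility 1, 2 or 3 from post #6."""
    if pan_fields(record):
        return 3  # a full card number is present somewhere in the row
    if record.get("last4") or record.get("exp_year"):
        return 2  # only truncated digits and/or expiry
    return 1      # nothing but an opaque processor reference

# Constructed sample rows; column names are hypothetical, not OFN's schema.
# 4242 4242 4242 4242 is a test number, not a real card.
ROWS = [
    {"id": 1, "processor_ref": "card_EXAMPLE1"},
    {"id": 2, "processor_ref": "card_EXAMPLE2", "last4": "4242",
     "exp_month": 8, "exp_year": 2020},
    {"id": 3, "processor_ref": "card_EXAMPLE3", "last4": "4242",
     "notes": "paid by phone 4242-4242-4242-4242 exp 08/20"},
]

if __name__ == "__main__":
    for row in ROWS:
        print(row["id"], "possibility", classify(row), pan_fields(row))
```

The third row shows why the scan covers every field: a full number can end up in a free-text column even when the dedicated card columns hold only the last four digits.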