This is a possible addition you may want to implement, while still being compliant and safe with PCI regulations.
Right now, you obfuscate the CC number and limit it to only display the first four digits, and the last four digits on the Customer Order.
I would propose you allow the first 6 DIGITS to be displayed. Why?
6 Digits allows people to check BIN numbers (in a BIN lookup database) to determine what kind of card it may be (credit, debit, prepaid, etc). This is highly useful to help stop fraud.
You see, many customers will use PREPAID credit cards on their purchases, and those prepaid cards usually will return an AVS code of "N". Normally, with a credit or debit card, an AVS response of "N" means something could be fishy......they didn't provide matching billing address information registered to the cardholder, and we ask the customer for further proof of identification.
But an AVS response of 'N' on a prepaid card could simply mean the customer never registered their address with the prepaid card. They are just using it for the funds as it was gifted to them. And you need 6 digits to do a BIN Lookup to know what kind of card it is.
So if our BIN lookup shows that it's a prepaid card, then we have more confidence that an 'N' response is not fraud, and we don't need to bother the customer with follow up verification. But if the N response is a credit card or debit card, then we are more strict and diligent in screening the customer.
We already implemented this function by modifying the obfuscateCcNumber() in the paypalr.php file. But if you think this is something that others will find useful, you may consider adding it to a future release.
This is a possible addition you may want to implement, while still being compliant and safe with PCI regulations.
Right now, you obfuscate the CC number and limit it to only display the first four digits, and the last four digits on the Customer Order.
I would propose you allow the first 6 DIGITS to be displayed. Why?
6 Digits allows people to check BIN numbers (in a BIN lookup database) to determine what kind of card it may be (credit, debit, prepaid, etc). This is highly useful to help stop fraud.
You see, many customers will use PREPAID credit cards on their purchases, and those prepaid cards usually will return an AVS code of "N". Normally, with a credit or debit card, an AVS response of "N" means something could be fishy......they didn't provide matching billing address information registered to the cardholder, and we ask the customer for further proof of identification.
But an AVS response of 'N' on a prepaid card could simply mean the customer never registered their address with the prepaid card. They are just using it for the funds as it was gifted to them. And you need 6 digits to do a BIN Lookup to know what kind of card it is.
So if our BIN lookup shows that it's a prepaid card, then we have more confidence that an 'N' response is not fraud, and we don't need to bother the customer with follow up verification. But if the N response is a credit card or debit card, then we are more strict and diligent in screening the customer.
We already implemented this function by modifying the obfuscateCcNumber() in the paypalr.php file. But if you think this is something that others will find useful, you may consider adding it to a future release.