Credit Card Storage

Secure storage of payment information is an essential element of credit card security. If ShopSite is storing credit card information, it will always be encrypted. The default encryption method is Symmetric, meaning the information is encrypted and decrypted using the same key (or password). While symmetric encryption is a good security measure, it does have some weaknesses. Because the same password is used to encrypt and decrypt the information, the password has to be stored on the server, making it potentially vulnerable to malicious hackers. A more secure encryption technique is Asymmetric encryption, which uses a different key to encrypt than is used to decrypt. This means that the encryption key stored on the server can not be used to decrypt orders, and merchants must upload the decryption key to view order information. The uploaded decryption key is only stored on the server while the merchant is logged in, so there's much less chance of a malicious hacker getting the key and, as a result, the customer payment information.

Use this screen to configure how Credit Card information is stored in ShopSite. Select one of the following three options:

Do Not Store Credit Cards

Selecting this option causes ShopSite not to store the full credit card number; only the last four digits are stored. Merchants who are using a real-time payment processor or who are not accepting credit cards can select this option for maximum security.

Asymmetric encryption (Merchant Key)

Merchants who need to have access to credit card information should use Merchant Key encryption for maximum security. A Merchant Key must be created before this option can be selected.

Note:

Only one employee should have access to the Merchant Key. Merchants who store credit card information must also store the information in a remote database behind a firewall to be PCI compliant.

Configure Merchant Key

Click on this button to change the Merchant Key settings. If a key has not been created, the button will go directly to the Key Wizard. After a key has been created, the button will go to the Key Configuration screen.

Symmetric encryption (default)

ShopSite uses a basic encryption algorithm to store credit card information if Merchant Key encryption is not enabled. This encryption method is not as secure as using an asymmetric key.