If you do not want to encrypt payment information, follow these steps. These steps apply whether or not you are enabling WebSphere Commerce Payments.
- Verify that information in the ORDPAYINFO and ORDPAYMTHD database tables is encrypted. To encrypt information, the PDI encrypt field must be checked during instance creation. This is the default value.
- After the order is placed, go to the WebSphere Commerce Accelerator, and retrieve the order. The decrypted credit card number is shown on the Order Summary page.
- Process the order using your own payment mechanism (offline payment).
Encrypting and decrypting credit card information
Even if the store is not connected to a payment manager, the credit card information can still be collected with the order when the order is submitted for processing. The credit card information is validated with the Mod10 checking algorithm. If it is valid, it is stored with the order; otherwise, the order is not submitted for processing.
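The Mod10 check mentioned above is the Luhn checksum. The following Java version is an added example, not WebSphere Commerce code; the class and method names are hypothetical, and the 12 to 19 digit length bound is an assumption.

```java
// Added example, not WebSphere Commerce source. Names are hypothetical.
public class Mod10Check {

    // Strip the separators that the Order Summary JSP also skips ('-' and ' ').
    // Returns null if anything other than digits remains.
    static String normalize(String input) {
        if (input == null) return null;
        StringBuilder digits = new StringBuilder();
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if (c == '-' || c == ' ') continue;
            if (c < '0' || c > '9') return null;
            digits.append(c);
        }
        return digits.toString();
    }

    // Mod10 (Luhn): starting from the rightmost digit, double every second
    // digit, subtract 9 from any result above 9, and require sum % 10 == 0.
    static boolean passesMod10(String input) {
        String digits = normalize(input);
        // Length bounds are an assumption, not taken from the product.
        if (digits == null || digits.length() < 12 || digits.length() > 19) return false;
        int sum = 0;
        boolean doubleIt = false;
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = digits.charAt(i) - '0';
            if (doubleIt) {
                d *= 2;
                if (d > 9) d -= 9;
            }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; 4111... is a widely used test number.
        String[] samples = {
            "4111 1111 1111 1111",  // passes the checksum
            "4111-1111-1111-1112",  // last digit wrong
            "4111 1111 1111 111x",  // non-digit character
            ""                      // empty input
        };
        for (String s : samples) {
            System.out.println("[" + s + "] -> "
                + (passesMod10(s) ? "store with order" : "reject, order not submitted"));
        }
    }
}
```

A passing checksum only shows that the number is well formed; it does not show that the card exists or is authorized.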
- Ensure that encryption is turned on (it is by default). If you changed the value of the PDI encrypt field when you set up WebSphere Commerce, follow these steps to enable encryption:
  - Launch the Configuration Manager and traverse to the PDI Encrypt node for your instance as follows: WebSphere Commerce > host_name > Instance List > instance_name > Instance Properties.
  - Check the PDI encrypt check box.
  - To apply your changes to Configuration Manager, click Apply.
  - Upon successfully updating the configuration for your instance, you will receive a message indicating a successful update.
  - From the WebSphere Application Server Administration Console, stop and restart the WebSphere Commerce Server instance.
- Open the file OrderSummaryDetailsB2C.jsp or OrderSummaryDetailsB2B.jsp located in the following directory (this assumes the WebSphere Commerce instance has already been created):
  - WC_installdir/wc.ear/CommerceAccelerator.war/tools/order
  - workspace_dir\CommerceAccelerator\Web Content\tools\order
- Search for the following section. The lines to change are the for loop that masks the number and the append call that follows it.

```jsp
<TR>
<%
    String creditCardNumber = getPaymentCreditCardNumber(orderId);
    if (!creditCardNumber.equals("")) {
        StringBuffer displayCreditCardNumber = new StringBuffer();
        for (int i = 0; i < creditCardNumber.length() - 4; i++) {
            if (creditCardNumber.charAt(i) != '-' && creditCardNumber.charAt(i) != ' ') {
                displayCreditCardNumber.append("*");
            }
        }
        displayCreditCardNumber.append(creditCardNumber.substring(creditCardNumber.length() - 4));
%>
    <TD ALIGN=LEFT><%= UIUtil.toHTML((String)orderLabels.get("orderSummaryDetCreditCardNumber")) %><%= UIUtil.toHTML((String)orderLabels.get("orderSummaryDetLabelTextSeparator")) %></TD>
    <TD><I><%= UIUtil.toHTML(displayCreditCardNumber.toString()) %></I></TD>
<%
    }
%>
</TR>
```
- Comment out the masking lines and add a line as follows:

```jsp
//for (int i=0; i<creditCardNumber.length()-4; i++) {
//    if (creditCardNumber.charAt(i) != '-' && creditCardNumber.charAt(i) != ' ') {
//        displayCreditCardNumber.append("*");
//    }
//}
//displayCreditCardNumber.append(creditCardNumber.substring(creditCardNumber.length()-4));
displayCreditCardNumber.append(creditCardNumber);
```
Once this is done, you will be able to see the credit card number for the order on the Order Summary page in the WebSphere Commerce Accelerator. Any user who has authority to view the Order Summary page in the WebSphere Commerce Accelerator will be able to see the credit card information, which might have security implications.