The SimpleOffline plug-in delegates the encryption and storage of sensitive data in the database to the Payment Plug-in Controller. By default (as provided with the plug-in), the following keywords are configured as sensitive data in the PaymentSystemPluginMapping.xml file for the SimpleOffline plug-in:
- cc_cvc (card verification code for the credit card)
- cc_nameoncard (name on credit card)
You can modify the PaymentSystemPluginMapping.xml file to use any new keywords.
This data is retained after a pending credit card payment is approved manually in an offline transaction. To delete this data, Customer Service Supervisors (or users with the appropriate authority) can use the WebSphere Commerce Accelerator to edit the extended data for the transaction.
The plug-in does not have any access control. It grants the accesses permitted by the event-driven payments subcomponent and the Payment Plug-in Controller.