[OPEN-ILS-GENERAL] Deleting (partial) credit card data

Bill Erickson berickxx at gmail.com
Tue Jul 14 10:09:46 EDT 2015


Hi All,

I've opened Launchpad bug for preventing Evergreen from storing credit card
data when credit card payments are made via the TPAC.  Similarly, I'm
proposing that all existing credit card information be deleted as well.
Storing this data is a bad idea for various reasons.  However, since we're
talking about deleting data from the database, I wanted to bring this to
everyone's attention.

The data we want to delete is the partial credit card number, expire date,
credit card type, and first/last name on the card.  Evergreen does not
directly use this data in any way.  The concern is only that existing
reports using this data will no longer function.  Our hope is that no one
is reporting on this data, since it is sensitive, and since you can
generally get the same (or better) data directly from the CC provider, but
we wanted to give everyone a chance to comment.

Here's the bug: https://bugs.launchpad.net/evergreen/+bug/1474051

Does anyone out there in EG land need this data to stay in Evergreen?

-b
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20150714/32d39209/attachment-0001.html>


More information about the Open-ils-general mailing list