There are two types of payment systems: those that redirect to payment system site (e.g. PayPal Website Payments Standard, 2CheckOut) and the ones that take credit card details on your site and process payment behind the scenes (e.g. PayPal Website Payments Pro, Sage Pay Direct).
When customer fills in data in ViArt Shop on credit_card_info page it is saved in the session and passed to payment gateway this way. Session is usually stored for a couple of minutes and it's impossible to pick up information from there unless hacking the server, and if server is hacked there are much easier ways to steal credit cards.
Next you can select in admin panel at Settings > Orders > Payment Systems > Payment Details Page whether you prefer to save customers' credit card numbers or not. If you select "Don't save in the database" then information exists no longer than duration of the session. If you select "Save encrypted" then credit card numbers are encrypted, saved in database and you can see the full non-encrypted number in admin panel on order details page. Also there is an option to "Cut off from credit card number four last digits".
Note: The option to save numbers is usually needed if you process cards offline by yourself otherwise you don't need saving credit cards and view them in admin panel.
|