Support » Plugin: WooCommerce Braintree Payment Gateway Integration » Security Issues – works but be warned

  • This plugin works but all merchants should be warned about the security issues of this plugin. After reviewing the code, the developers have opted to expose the credit card and CVV details directly on the server. This is bad for merchants because it makes them ineligible for SAQ A and SAQ A-EP levels of PCI compliance.

    It would be to everyone’s benefit that you posted this information about your plugin directly on the information page as merchants have a right to know how the credit card data is being treated by your plugin.

    Also, reviewing your own plugin? Conflict of interest.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author MULTIDOTS

    (@dots)

    Hello @its_all_good,

    This plugin is never stores any customer’s credit card details and never stores card details in a Braintree account. so can you please let us know how you feels security issue regarding the card details and plugin.

    Also you can see in log there is no CVV details in response.

    [paymentInstrumentType] => credit_card
                        [processorSettlementResponseCode] =>
                        [processorSettlementResponseText] =>
                        [threeDSecureInfo] =>
                        [creditCardDetails] => Braintree_Transaction_CreditCardDetails Object
                            (
                                [_attributes:protected] => Array
                                    (
                                        [token] =>
                                        [bin] => 378282
                                        [last4] => 0005
                                        [cardType] => American Express
                                        [expirationMonth] => 01
                                        [expirationYear] => 2030
                                        [customerLocation] => International
                                        [cardholderName] =>
                                        [imageUrl] => https://assets.braintreegateway.com/payment_method_logo/american_express.png?environment=sandbox
                                        [prepaid] => Unknown
                                        [healthcare] => Unknown
                                        [debit] => Unknown
                                        [durbinRegulated] => Unknown
                                        [commercial] => Unknown
                                        [payroll] => Unknown
                                        [issuingBank] => Unknown
                                        [countryOfIssuance] => Unknown
                                        [productId] => Unknown
                                        [uniqueNumberIdentifier] =>
                                        [venmoSdk] =>
                                        [expirationDate] => 01/2030
                                        [maskedNumber] => 378282******0005
                                    )
    
                            )

    Please let us know your thoughts so that if any issue from our end, we can sort it out.

    Thanks

    Plugin Author MULTIDOTS

    (@dots)

    Hello @its_all_good,

    Kindly let me know you feedback for the same. Where you found the security concern? I already sent you the log file review it and let me know your thought ASAP. So we can resolve soon.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security Issues – works but be warned’ is closed to new replies.