WHMCS / sample-gateway-module

Sample Third Party Payment Gateway Module for WHMCS
MIT License

Sample module doesn't demonstrate masking values logged to tblgatewaylog #11

Closed jas8522 closed 5 years ago

jas8522 commented 5 years ago

Currently the return value for transactions shows as including the raw response from the payment gateway like this: 'rawdata' => $responseData,

However, many gateways return a bunch of data so that the requesting system can validate the request. This return data often includes the credit card number. The sample module should show a sample line like this to indicate that the developer should use proper security practices prior to storing that response data in the tblgatewaylog:

```php
/* Be sure to change the actual array value for the credit card number from CreditCardNumber to the correct value according to the gateway's API documentation */
$responseData['CreditCardNumber'] = '****' . substr($responseData['CreditCardNumber'], -4);
```

mattpugh commented 5 years ago

Copied response from https://github.com/WHMCS/sample-merchant-gateway/issues/10. For further discussion, please use that thread.

Hi there,

Thanks for taking the time to open an issue.

As I understand it, you are working with a payment gateway that is returning a full unmasked credit card number in the API response you receive to a payment request for capture.

I can't recall a time I've ever seen a payment gateway return sensitive information such as a full credit card number in plain text format. It would not only be very unusual to see something like this but also a significant security concern with the gateway itself. If you were to find a payment gateway API that was doing something like this, I would suggest contacting that gateway and reporting it to them as a security concern at the very least.

That said, if there is sensitive information contained within the response data, then masking it or removing it entirely would certainly be appropriate before passing it to logging. However, from our experience, API response data containing sensitive data is rare and also very gateway-specific, and that's why the sample code we provide does not cater to this at this time. We can consider adding some kind of inline note within the code, however, it would need to be something generic enough to make sense in all scenarios.

I will also add that it is always expected that our sample module code will be used in conjunction with our developer documentation where it is stated that any data returned will be logged (ref https://developers.whmcs.com/payment-gateways/merchant-gateway/).

Thanks, Matt
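
An added example, not part of the WHMCS sample module or either commenter's code: one gateway-agnostic way to sanitise a response before it is returned as `rawdata` and written to tblgatewaylog. It masks contiguous 13-19 digit values that pass a Luhn check and removes values stored under key names assumed here (`cvv`, `cvc`, `cardcode`); the function names and the sample response are constructed for illustration.

```php
<?php
// Added example: sanitise a gateway response before logging it.

/** Luhn check, to tell card numbers from other long digit runs. */
function luhnValid(string $digits): bool
{
    $sum = 0;
    for ($i = strlen($digits) - 1, $double = false; $i >= 0; $i--, $double = !$double) {
        $d = (int) $digits[$i] * ($double ? 2 : 1);
        $sum += $d > 9 ? $d - 9 : $d;
    }
    return $sum % 10 === 0;
}

/** Mask each 13-19 digit run that passes Luhn, keeping the last four. */
function maskPans(string $value): string
{
    return preg_replace_callback('/(?<!\d)\d{13,19}(?!\d)/', function ($m) {
        $pan = $m[0];
        return luhnValid($pan) ? str_repeat('*', strlen($pan) - 4) . substr($pan, -4) : $pan;
    }, $value) ?? $value;
}

/** Recursively sanitise a response array; $dropKeys are assumed names. */
function sanitizeForGatewayLog(array $data, array $dropKeys = ['cvv', 'cvc', 'cardcode']): array
{
    $clean = [];
    foreach ($data as $key => $value) {
        if (in_array(strtolower((string) $key), $dropKeys, true)) {
            $clean[$key] = '[removed]';
        } elseif (is_array($value)) {
            $clean[$key] = sanitizeForGatewayLog($value, $dropKeys);
        } elseif (is_string($value) || is_int($value)) {
            $masked = maskPans((string) $value);
            $clean[$key] = $masked === (string) $value ? $value : $masked;
        } else {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

// Constructed sample response; 4111111111111111 is a standard test number.
$responseData = [
    'status' => 'approved',
    'CreditCardNumber' => '4111111111111111',
    'card' => ['cvv' => '123'],
    'transid' => '1234567890123456', // fails Luhn, so it is left intact
];
print_r(sanitizeForGatewayLog($responseData)); // pass this result as 'rawdata'
```

Card numbers formatted with spaces or dashes are not matched by this pattern, so a gateway that returns them that way needs its field handled by name.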