Closed HenKun closed 1 year ago
Thank you for bringing up this matter. Although the module code itself may not require the storage of this information, it could potentially be utilized in downstream systems, such as direct refunds, that do not involve Mollie.
While I acknowledge that this occurrence may not be ideal without the merchant's awareness, we plan to enhance the situation by implementing encryption by default.
Additionally, we may provide an option for the merchant to restore the current behavior if they depend on it.
Hello @HenKun,
We're pleased to inform you that the latest version of the Mollie plugin now includes the feature you requested. In the advanced section of the plugin, you will find an option to "Encrypt payment details" which you can enable to secure these details.
We hope this solution meets your requirements. For now, we will mark this issue as resolved. However, if you require further assistance, please feel free to reopen the issue.
Describe the bug
In sales_order_payment table in additional_information column, customer's bank account data is stored for SOFORT payments (and maybe others?) in an unencrypted way. e.g.
I am not sure this is legal in all countries due to PSD2 things and privacy regulations. Since it is not visible in frontend, module users might not be aware of this. Even if it IS legal, if this information is not used anywhere in the system, it need not be stored imho.
Used versions
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Only private data is stored that is actually used or has a use case. If possible, that required data should be encrypted.
Actual behavior
Bank account data is stored in clear text.
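Added example, not part of the original issue or of the Mollie module's code: a merchant-side audit that scans exported sales_order_payment.additional_information values for bank account numbers still readable in clear text. It assumes the column holds JSON; the row ids, JSON key names and sample values are constructed for illustration.

```python
import json
import re

# Compact IBAN candidate: country code, two check digits, 11-30 alphanumerics.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")

def is_valid_iban(candidate):
    """ISO 13616 mod-97 check: rotate first 4 chars to the end, map A-Z to 10-35."""
    s = "".join(candidate.split()).upper()
    if not (15 <= len(s) <= 34 and s.isascii() and s.isalnum()):
        return False
    digits = "".join(str(int(ch, 36)) for ch in s[4:] + s[:4])
    return int(digits) % 97 == 1

def walk(node, path="$"):
    """Yield (json_path, value) for every string leaf of a decoded JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def find_plaintext_ibans(raw):
    """Return the JSON paths in one column value that hold a checksum-valid IBAN."""
    try:
        doc = json.loads(raw)
    except (TypeError, ValueError):
        doc = raw if isinstance(raw, str) else ""  # not JSON: scan as plain text
    hits = []
    for path, value in walk(doc):
        embedded = (m.group() for m in IBAN_RE.finditer(value.upper()))
        # Check the whole field (covers "DE89 3704 ..." spacing) and embedded matches.
        if is_valid_iban(value) or any(is_valid_iban(c) for c in embedded):
            hits.append(path)
    return hits

def audit(rows):
    """Map row id -> offending JSON paths, omitting rows with no finding."""
    findings = {rid: find_plaintext_ibans(raw) for rid, raw in rows.items()}
    return {rid: paths for rid, paths in findings.items() if paths}

# Constructed sample rows (assumed key names; 102 stands in for an encrypted value).
SAMPLE_ROWS = {
    101: '{"method": "sofort", "details": {"consumerAccount": "DE89370400440532013000"}}',
    102: '{"method": "sofort", "details": "<ciphertext placeholder>"}',
}
```

Running audit() again after enabling the "Encrypt payment details" option shows whether newly written rows still contain readable account numbers; rows written before the change are not altered by this script.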