I have recently have read that the Credit Card (saved) payment method is not meant to be used on a live site.
What are the reasons for this?
I understand this method stores the credit card number encrypted in the database. Does this violate PCI compliance?
Is there any other reason then security risks?
Best Answer
The main reason would be security of your customer's information. If anything where to happen with the credit card information you could be held liable.
Being PCI Compliant goes well beyond having an encrypted database. You can find all the information about PCI Compliance here
Dan
www.ecommercewebsites.biz