CS 2007: Where is my CreditCardNumber?

In case you have been playing around with Payments in Commerce Server 2007, you might have noticed and wondered about this property on the CreditCardPayment class: CreditCardNumber . No matter what you set it to, a save and reload of the Basket / PurchaseOrder always results in the value being lost. What is going on?

 

Well, the short answer is that for security reasons, this property (as well as the Pin properties on the various Payment classes) was removed from being persisted in the database. For PurchaseOrders this is done by removing the mapping for this property and for Baskets this is done by not having this property in the GetObjectData method for the class (which is called when this class instance is being serialized for inserting into the marshaled_data column).

 

So if you do need this property to be persisted you will have to do the following:

• In the case of PurchaseOrders extend the mapping and create one from this strongly typed property to an explicit column in the CreditCardPayments table.
• In the case of Baskets, extend the Basket and add this property to the GetObjetData() method of the extended Basket.

Alternately you could also just store this property value in a weakly-typed indexer property or even in the CreditCardIdentifier property. No matter where you keep the value though, it is imperative that you encrypt this highly sensitive data when persisting to the database.

 

One important point to keep in mind is that when saving PurchaseOrders, any strongly typed property not mapped to an explicit column is dropped and will not be persisted to the database. You can have such a property for in memory site usage, but in most cases if you have a strongly typed property you will want to make sure that it is mapped to a column else the data will be lost on a Save.