Sunday, June 7, 2009

Script Package (Magento v 1.3.2.1) Updated

There have been some changes in Magento over the past few months, and my old patch package for v 1.2 is now obsolete. I applied my code changes for temporary-CCV-storage-plus-wipe to the latest version of Magento (v 1.3.2.1 as of this writing) and prepared a zip file (see below).

This patch allows the CCV field to be saved in encrypted form (using the saved CC payment method), and then you can wipe the sensitive payment information from the order after you process the payment information by hand.

In addition to the changes I discussed in earlier posts, I made two changes in the behavior. Instead of completely wiping payment information from Sales Quotes, I now delete the encrypted CC info field and leave the other payment info as is. This is the same thing I do for the Sales Orders, and I think it makes more sense this way. In addition, the card expiration date & month are also removed for security.

Here is a link to the package for your download:

magento_1_3_2_1_update_rev_2.zip
(MD5 76d70e6fad356ed2fc5da6a6ab455ccd)

To use this, copy the files over your existing development Magento installation (assuming your installation resides in "store") and run the included SQL script for your database. You will need to clear your configuration cache in the admin dashboard for changes to take effect!

In addition, the change will only affect new orders; old orders still will not have any CCV information. So after you implement changes, create a new order with CC information and verify that the information is being stored / removed as expected.

If you have not carefully reviewed the code, you are nuts to just plunk this down on a production server. Check to make sure it works in a development environment, and read some of my previous posts to see the limitations.

Thursday, February 5, 2009

Part 4: Script Package (updated)

If you are feeling brave, I packaged up everything into one file for download:
magento_1_2_1_update_rev_3.zip
(MD5 278f36480336897676a28f6561e827ec).

This contains the updates to wipe payment information from both the sales quote and the sales order tables in the database.

For your sanity here is a list of the website files:


To use this, copy the files over your existing development Magento installation (assuming your installation resides in "store") and run the included SQL script for your database. If you have not carefully reviewed the code, you are nuts to just plunk this down on a production server. Check to make sure it works, and read some of my previous posts to see the limitations.
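Before copying either package over an installation, the download can be checked against the MD5 value the post lists for it. The script below is an added example, not part of the original packages; the function names `file_md5`, `verify_package` and `check_downloads` are hypothetical, and the file names and digests are the ones given in the two posts.

```shell
#!/bin/sh
# Added example: compare a downloaded package with the MD5 published in the post.

# Print the hex MD5 of a file using whichever tool is installed.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# verify_package FILE EXPECTED_MD5
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or the
# expected value is not a 32-character hex digest.
verify_package() {
    local file expected actual
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*) echo "not a hex digest: $2" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "not a 32-char MD5: $2" >&2; return 2; }
    actual=$(file_md5 "$file" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (got $actual)" >&2
    return 1
}

# Check both packages; file names and digests are copied from the posts.
check_downloads() {
    local rc
    rc=0
    verify_package magento_1_3_2_1_update_rev_2.zip 76d70e6fad356ed2fc5da6a6ab455ccd || rc=1
    verify_package magento_1_2_1_update_rev_3.zip 278f36480336897676a28f6561e827ec || rc=1
    return $rc
}
```

Run `check_downloads` from the directory holding the zip files; a non-zero status means the file on disk is not the one the post describes and should not be unpacked.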

The CCV should show up as the alt text when hovering over the CC number in the order page. However, this will only be available if a secure connection (HTTPS, port 443) is detected. When the connection is not secure (HTTP, port 80), CC information is truncated. This functionality is controlled in the ./app/design/adminhtml/default/default/template/payment/info/ccsave.phtml file.

Finally, note that this modification is still a work in progress, and I may post little updates as I make changes and time permits.