cancel
Showing results for 
Search instead for 
Did you mean: 

CIM API calls now returns the full card number in plain text instead of a masked version

At 6:20pm CT on 3/21/16, calls made to the CIM API started to return the full cardholder's card number in the raw response.

 

We make a createCustomerProfileTransactionRequest call with a customerPaymentProfileID and other information, and now we get back a directResponse that no longer contains XXXX1111 in the appropriate position, but the full card number instead -- something that should never be included.

 

It does the same when we use the sandbox URL.

 

Would like to know when this will be addressed.

sdwebguy
Contributor
1 ACCEPTED SOLUTION

Accepted Solutions

I never did hear back from Authorize, but according to our logs we stopped receiving the full card numbers just before 3/22 4AM CT. Now we have lots of data to erase!

View solution in original post

sdwebguy
Contributor
3 REPLIES 3

I can confirm this happened. We use auth.net also on our site and we store their response strings before we process the orders. There was a short time on the 21st where auth.net's API was responding with full CC #'s, not XXXX####.

DustinBrett
Member

I never did hear back from Authorize, but according to our logs we stopped receiving the full card numbers just before 3/22 4AM CT. Now we have lots of data to erase!

sdwebguy
Contributor

Thanks for this initial post sdwebguy and the follow up DustinBrettOur internal team identified this issue and resolved it.

David
Administrator Administrator
Administrator