Credit Card Encryption on the Native Webstore Template

Acctivate’s Native web store connector supports transferring encrypted credit card numbers from the web store to Acctivate.

Credit card numbers should be encrypted using AES with a 128-bit block size, 256-bit key length, and CBC mode. Blocks should be padded with zeroes. It should be sent to Acctivate formatted as $AES256CBC$iv$encrypted_number

  • iv is the base64-encoded initialization vector used during encryption
  • encrypted_number is the base64-encoded encrypted credit card number.

The party responsible for passing the Encrypted card numbers to Acctivate via the API will enter the CC encryption key once into the webstore template options. Acctivate will then encrypt that key using a proprietary encryption in the company database.

To enter the key into the webstore template options, go to File > Import Sales Orders. Then find the corresponding template id and select Edit. You’ll select Next twice and then the template options page will show. You will enter the CC encryption key you have generated into the ‘Encryption key for decrypting CC numbers‘ field. Close the window and select to Savechanges. The key will then be encrypted in the database and users will not be able to view it on the template options either. 

Examples

Note that since the IV should be randomly-generated, encrypting the same CC number with the same key should generate a different encrypted result each time. However, decrypting the encrypted number should result in the correct CC number.

Example 1:

example1

Example 2:

example2

Example 3:

example3

Sample Code

Visual Basic .NET

PHP

Python 3