Kryptronic Software Support Forum

Hi Rachael,

Check out this thread. Not sure if that's what's happening with you, but maybe...



Good luck,

Dave - dtwg

Hi Dave - that's not quite the same issue as I'm having, but thanks for the link, it was very close to my problem.

I have an idea about how some of this is occuring:  When I click the order update link for a given order, a form is opened with the customer's information already filled in.  Then, I can amend the information, change the status, etc, and submit the form.  It's possible that the browser is taking that form submission and storing the field values for future use.  That would explain the checkout fields on our site having drop down lists with customer information in them.

That wouldn't explain the fields on PayPal's site having customer-populated drop down lists though.  The customers' credit card numbers are never stored in CCP (I do only online processing), so there is no way that same mechanism is responsible for that behavior.  And it's very disconcerting... anyone have any theories about how that is getting in there?

Rachael

Does the same happen in IE? Or any other browser?
I have had strange behaviour before but not enough to replicate.
Cheers Chris

It seems very difficult to find even  to this.

When you are on an 'Update Online Order'  does the credit number show up as a hidden field in the source code as
<INPUT TYPE="HIDDEN" NAME="tracking_cardnum" VALUE="blah">

Seems like Firefox or an auto-fill type extension would have to be grabbing and saving a hidden field from that page and populating subsequent similar fields with it.

Rachael,

Just so I have this straight you have cached in your local browser, a dropdown field is poulated as if you have made the payments but the payments have only been entered in a secure session once the client has left your server and are making payment on a remote site  (I dont even want to mention the CC word) included.

If that is the case it has to be a very starange set of circumstances as it doesn't seem right at all! If you can replicate it there might be a market there, to our friends on the dark side.

The only common factor is CCP and the clients browser. They are on your site they order they are transferred for payment they are returned. So their browser and CCP are surely in some way involved in the cause.

FF is then in some way seeing this information as a result  of we dont know what. It doesnt even seem CCP is in really in the frame as the user has by that time passed to the remote server - I think.

Cheers Chris

Can you tell FF never to remember data for a given site?

I think you can for passwords.

I would say that short of something really really odd - taking a local phone order or a postal order or someone phoning because they messed their online order and it being entered locally - has to be the most likely explanation.

Cheers Chris

Hi,

I have this problem too with FF - We do not take orders over the phone or post all orders are automatic.

it must be picking up the info when you view the orders in admin.

dont have a problem with CC info showing

charlie