Cybersource Developer Community Cybersource Developer Community

sdwebguy · ‎03-21-2016

At 6:20pm CT on 3/21/16, calls made to the CIM API started to return the full cardholder's card number in the raw response.

We make a createCustomerProfileTransactionRequest call with a customerPaymentProfileID and other information, and now we get back a directResponse that no longer contains XXXX1111 in the appropriate position, but the full card number instead -- something that should never be included.

It does the same when we use the sandbox URL.

Would like to know when this will be addressed.

sdwebguy · ‎03-22-2016

I never did hear back from Authorize, but according to our logs we stopped receiving the full card numbers just before 3/22 4AM CT. Now we have lots of data to erase!

View solution in original post

DustinBrett · ‎03-22-2016

I can confirm this happened. We use auth.net also on our site and we store their response strings before we process the orders. There was a short time on the 21st where auth.net's API was responding with full CC #'s, not XXXX####.

sdwebguy · ‎03-22-2016

I never did hear back from Authorize, but according to our logs we stopped receiving the full card numbers just before 3/22 4AM CT. Now we have lots of data to erase!

sdwebguy · ‎03-22-2016

Thanks for this initial post sdwebguy and the follow up DustinBrett. Our internal team identified this issue and resolved it.

Cybersource Developer Community Cybersource Developer Community

CIM API calls now returns the full card number in plain text instead of a masked version