I see that changes were made to remove payment information for uncompleted orders in http://drupal.org/node/468846. However, wouldn't it be wise to remove the payment information for completed orders as well? That is what is done for credit card orders. However, it seems like with this module that the bank routing and account numbers persist in the database, albeit encrypted. Why does that information need to linger?

Comments

webservant316’s picture

webservant316 CreditAttribution: webservant316 commented

actually, according the authorize underwriting policy this information needs to remain attached to the order for 2 years, though encrypted and secure I am sure.