I often get asked by other commerce developers about why sensitive credit card isn’t available for their payment processor during the CheckOut and CreditCard pipeline components. What is happening is very simple, Commerce Server is protecting us from credit card fraud. During a multi step checkout process a Credit Card Payment before the final order is created. Well that’s normal, however this can cause a problem as the CommerceUpdateOperation_Basket sequence will actually remove the credit card number and security code before saving it to the database. There is a simple solution to this issue. The following example is provided and meant for the MCF foundation. This is a portion of the Order Review Control:

Basket newOrder = this.presenter.SubmitNewOrder();

The presenter referenced here is the OrderReviewPresenter, we will need to extend this. First thing we will do is grab the payment and then put the credit card number and security code back in.

public void UpdateSecureCreditCardData(string creditCardNumber, string cvv2)
    {
      this.LoadBasket();

      Payment payment = BasketHelper.GetCreditCardPayment(this.View.CurrentCart);
      if (payment != null)
      {
        CreditCard creditCard = (CreditCard)payment.PaymentAccount.Target;
        creditCard.CreditCardNumber = creditCardNumber;
        creditCard.CVV2 = cvv2;

        PaymentAccount paymentAccount = payment.PaymentAccount.Target;
        PaymentMethod paymentMethod = paymentAccount.PaymentMethod.Target;
        string paymentMethodId = paymentMethod.Id;

        this.controller.AddCreditCardPaymentUpdateRequest(this.currentBasketName, payment.Id, paymentMethod.Id, creditCard, TypeHelper.GetSafeDecimal(this.View.CurrentCart.Total));
      }
    }

Then we will go back and add the following code just before we save the order.

this.presenter.UpdateSecureCreditCardData(creditCardNumber, cvv2);

Now that we’ve executed our new method, an operation to update the payment adding the credit card data has been queued in the broker, when we call the SubmitNewOrder() method now the credit card information will be available during pipeline execution, notice that it still isn’t there when the operation sequence returns the new order.