Unmasked CVV Field in WooCommerce Square Plugin

N_Taisa · December 3, 2024, 11:07pm

My client is planning to use the WooCommerce Square plugin on their e-commerce site. However, the CVV field is not masked, and the security code is visible in plain text when entered. This raises concerns with their security policies, as it does not follow standard practices for handling sensitive payment information.

I have reviewed the discussion in this forum thread (Square Payment CVV Password Character means CVV not Hide), but I would appreciate further clarification. Could you please explain if the current behavior of displaying the CVV in plain text is intentional, and how this complies with PCI DSS requirements?

Any guidance on how to resolve this issue would also be greatly appreciated.

Bryan-Square · December 3, 2024, 11:16pm

At this time this is the expected behavior with the Web Payments SDK that WooCommerce uses. Square owns the form field the customer is inputing the information and it is PCI compliant.

Topic		Replies	Views
Square Payment CVV Password Character means CVV not Hide Feature Requests payment-form	1	1332	March 30, 2021
Square credit card input field doesn't showing up Questions payment-form	1	3399	March 18, 2022
Square credit card input field doesn’t showing up Questions payment-form	2	2526	October 31, 2022
Can we set cvv input type to password Questions	1	552	November 17, 2021
Payment options not showing up on custom page Questions	3	991	June 29, 2023

Unmasked CVV Field in WooCommerce Square Plugin

Related topics