Dev GuideAPI ReferenceUser Guide
Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide
GitHubNuGetDev CommunityOptimizely AcademySubmit a ticket

Customer and credit card breaking changes

Breaking changes related to credit card storage, PCI DSS compliance, and customer APIs in Commerce Connect 15.

This article covers breaking changes related to credit card data storage, PCI DSS compliance requirements, and customer-related APIs in Commerce Connect 15.

ICreditCardPayment interface removal

The ICreditCardPayment interface and all its implementations have been removed due to PCI DSS compliance requirements. Storing raw credit card data is a significant security and compliance risk.

The following types have been removed:

  • EPiServer.Commerce.Order.ICreditCardPayment
  • Mediachase.Commerce.Orders.CreditCardPayment
  • EPiServer.Commerce.Order.Internal.SerializableCreditCardPayment
  • OrderContext.CreditCardPaymentMetaClass property

CreditCard class removal

The Mediachase.Commerce.Customers.CreditCard class and all related types have been removed:

  • Mediachase.Commerce.Customers.CreditCard class (including all methods: CreateInstance, Delete, CreditCardTypeFriendlyName)
  • Mediachase.Commerce.Customers.CreditCardEntity class
  • CreditCard.eCreditCardType enum

CustomerContact credit card methods removal

The following credit card management methods and properties have been removed from CustomerContact:

  • CustomerContact.ContactCreditCards property
  • CustomerContact.UpdateCreditCard method
  • CustomerContact.AddCreditCard method
  • CustomerContact.DeleteCreditCard method

Organization credit card removal

  • Organization.CreditCards property has been removed.

CustomerContext credit card methods removal

The following methods have been removed from CustomerContext:

  • CustomerContext.GetContactCreditCards method
  • CustomerContext.GetOrganizationCreditCards method

CustomerEntityFactory credit card support removal

CustomerEntityFactory support for CreditCard creation has been removed.

Database objects removal

All database objects related to credit card storage have been removed, including tables, stored procedures, and related schema objects.

Migration path

Consumers must migrate to PCI-compliant tokenized payment solutions using third-party payment providers (for example, Stripe, Adyen, PayPal).

Instead of storing credit card data directly, store only payment tokens and provider transaction IDs using the IPayment interface:

// Before (Commerce 14) - Storing credit card data directly
var payment = orderGroup.CreatePayment<ICreditCardPayment>();
payment.CardType = "Visa";
payment.CreditCardNumber = "4111111111111111";
payment.ExpirationMonth = 12;
payment.ExpirationYear = 2025;
payment.SecurityCode = "123";

// After (Commerce 15) - Using tokenized payment
var payment = orderGroup.CreatePayment();
payment.PaymentMethodId = paymentMethodId;
payment.TransactionType = TransactionType.Authorization.ToString();
payment.Amount = orderTotal;

// Store only the token from your payment provider
payment.Properties["PaymentToken"] = "tok_visa_4242";
payment.Properties["ProviderTransactionId"] = "pi_3abc123";

For more information about PCI DSS compliance requirements, see PCI Security Standards.


Updated 2 months ago