When a test member's deleted. their email address used to sign up and/or Paypal email address goes away.
There's a hyperlink to the member details but if they delete their account it is unclickable.
It would be nice to have a column with:
1) Email address signed up with
2) Paypal email address used to create and/or pay the subscription
This would be great for research purposes, refund requests, etc.
SCREENSHOT:
I can get the transaction number from the Member Transaction History. If I do a little research I can find the transaction and refund them. It would still be nice to know their email address & Paypal email address use for the subscription payments though.
SCREENSHOT 2:
SCREENSHOT 3:
For this, keeping the email address would be good. Not the Paypal email though as that's a security topic and you really, really don't want that sort of liability. The less sensitive info you store, the better off you are. IMO, leave the security to Paypal and just store the user email and transaction ID. With those, you can find any info you need.
Just helps you have to do less digging--especially if you don't know the customer id.
Plus, if you have lots of users(100+) and suddenly you have to find one you could potentially look through hundreds of deleted users and then have to click on the details, and then click each Gateway Transaction ID to find that customer. You could be there for eons.
@Jasongeek
I'm with you on this one - I'd like to keep the PayPal email available. IMHO I don't see it as a security risk. Goodness - people use their PayPal email all the time much more freely than their Credit Card info, since for receiving money it's quick/easy, and for sending money it requires additional security. Now if it was CC info, then I'd agree that we shouldn't store it (but we're not storing this to begin with). That's very very risky. But if the PayPal email was so readily available while a member, I don't see why it shouldn't still be readily available after they leave.
And if SE feels it could be a legal/liability issue and come back to them, then they could simply make it an option to us ADMINs (to keep the PayPal email after deletion). For that matter, there could be a list of content that could remain accessible which is ADMIN configurable. I prefer flexibility anyway - so those ADMINs what want to keep certain info may, and those that don't may choose not to. Software devs shouldn't decide for us ADMINs what we want/need, or how to run our business anyway.
If we did this, it would not be encrypted as emails are not encrypted at this time. You would need to let your users know that you are storing their Paypal emails in unencrypted fashion in your privacy policy.
It's something to consider. It is two feature requests in this one which we don't allow but I will allow it this time and we can consider it for after 4.10. The subscription area needs improving anyway.
@Jasongeek: SEAO's Subscription Plugin provides a Transaction Details page that may contain the PayPal email (I don't know for sure since although I have that Plugin, I haven't thoroughly tested it yet; also SEAO doesn't provide a screenshot of the 'detials' page, only the Transaction page with a link to details). I vaguely recall that you were considering purchasing this Plugin, but forgive me if my memory is off.
@Jason, That's out of my area of expertise. Can you remember to PM me on Monday to remind me to ask about this?
gs said:
@Jasongeek: SEAO's Subscription Plugin provides a Transaction Details page that may contain the PayPal email (I don't know for sure since although I have that Plugin, I haven't thoroughly tested it yet; also SEAO doesn't provide a screenshot of the 'detials' page, only the Transaction page with a link to details). I vaguely recall that you were considering purchasing this Plugin, but forgive me if my memory is off.
Do you know if it remains after a user is deleted? The details I mean.
jasongeek said:
I wonder if their plugin encrypts it in the database. It's best practice and probably a PCI requisite.
Perhaps pm them here and send them a link to this thread to answer as it would be good for them to have an answer here. Might help clients looking for something similar.
jasongeek said:
That wouldn't be good. Can just PayPal email addresses be encrypted? Sorry about the two feature requests. Thought the requests were related.
I've left a note for our core developers about this. Noting that they are swamped with 4.10 stuffs so it may be a delay for a response.
I'm new to SE and still finding my way around. Under Settings, Spam and Banning Tools, there is a tab for Login History. You can search by various fields, including member name and it will list the email address used for that login. You can reverse order the date column to get the most recent login. I haven't tested to see if it works for deleted accounts although I would hope that information would still be in the log. I know this post is almost 2 years old, but thought it might be useful to offer this info. Hope it helps you or someone. I know I sure could use all the help available!
Thanks for posting your tips! I'm sure they'll be helpful.