kartrisimport

5.1.3.3. Change customer email address

There is no way for a customer to change their own email address in Kartris. The email address is assumed to be unique, and therefore we use this as the username. To avoid various issues with changing email addresses (including verification of the new account to ensure that its owner accepts the change and the problem of existing accounts), we have made changing email addresses a back-end only feature at present. If a customer needs to change their email address, then their only option is to contact the store owner so that an admin can change it for them.

The Kartris back end will check that the email address is not already in use (you cannot have two accounts with the same email), but it will not check that the owner of the new email address consents to the change (i.e. that the person making the change owns the new account), or that someone requesting the change (by telephone or email) is actually the owner of that account.

For security reasons, you should always be careful when customers request an email address change that you are absolutely 100% sure that the customer is the genuine owner of both email accounts. The best way is to write to both the old and new addresses separately and get a reply from both (a reply that includes your original email text). It is vital that you don't inadvertently hand control of an account to a third party due to lax security procedures. Although they could not access credit card data, they would be able to access personal details such as address and phone number as well as order history.
 
powered by tomehost