Content deleted Content added
→Prohibition on recording codes on paper forms: new section |
|||
Line 124:
This is definitely controversial, as it's an area where common practice stands in opposition to official policy, so I'd like to see some discussion before making any changes.
Avoid CVV2 Storage. All merchants are prohibited from storing CVV2 data. When asking a cardholder for CVV2, merchants must not document this information on any kind of paper order form or store it on any database. [Rules for Visa Merchants, 2007, page 12]
Merchants ... must not store card validation code 2 (CVC 2) data in any manner for any purpose. ... At its discretion, MasterCard may impose a noncompliance assessment of up to USD 100,000 per each individual violation of this Standard, with a maximum aggregate assessment of USD 500,000 for additional or continuing violations during any consecutive 12-month period. [Security Rules and Procedures-Merchant Edition, Section 10.2, July 2009]
CID numbers must not be stored for any purpose. They are available for real time Transactions only. [American Express Merchant Reference Guide – U.S., section 5.10, 2009] <small><span class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Coloradoauthor|Coloradoauthor]] ([[User talk:Coloradoauthor|talk]] • [[Special:Contributions/Coloradoauthor|contribs]]) 22:21, 16 May 2012 (UTC)</span></small><!-- Template:Unsigned -->
: It's own ''section'', no. A sentence or two summarizing (and sourced to) the above, sure. [[User:Anomie|Anomie]][[User talk:Anomie|⚔]] 01:11, 17 May 2012 (UTC)
| |||