RCU violating VISA and MasterCard PCI requirements ?
02-22-2008, 05:31 PM
#1
Senior Member
Thread Starter
My Feedback: (7)
Join Date: Oct 2003
Location: Round Rock,
TX
Posts: 2,024
Likes: 0
Received 0 Likes
on
0 Posts
RCU violating VISA and MasterCard PCI requirements ?
I just recently got notified my credit card was out of date and that I could no longer participate in the marketplace or do anything else.
So anyway, I entered the area where it requested my Mastercard/Visa card number, card expiration date, and the security code on the back of the card. The only way it would have known this, is if this information was stored somewhere. However, its against the Visa and MasterCard PCI regulations to store the security code or so-called CVV2, or CVVS data or magnetic stripe data on any computer even if its encrypted.
Can a moderator or someone running RCU tell me whats going on here and if you are storing this data which seems to be the case since you have not charged any card? If so, I want my data removed. Also, you need to have your legal department look at this as Visa and MasterCard typically fine companies in excess of 1 million dollars for doing this.
I appreciate you prompt response.
Thank you.
So anyway, I entered the area where it requested my Mastercard/Visa card number, card expiration date, and the security code on the back of the card. The only way it would have known this, is if this information was stored somewhere. However, its against the Visa and MasterCard PCI regulations to store the security code or so-called CVV2, or CVVS data or magnetic stripe data on any computer even if its encrypted.
Can a moderator or someone running RCU tell me whats going on here and if you are storing this data which seems to be the case since you have not charged any card? If so, I want my data removed. Also, you need to have your legal department look at this as Visa and MasterCard typically fine companies in excess of 1 million dollars for doing this.
I appreciate you prompt response.
Thank you.
02-22-2008, 07:07 PM
#3
Senior Member
Thread Starter
My Feedback: (7)
Join Date: Oct 2003
Location: Round Rock,
TX
Posts: 2,024
Likes: 0
Received 0 Likes
on
0 Posts
RE: RCU violating VISA and MasterCard PCI requirements ?
No...in fact that would be "worse" if their software stored the value in the browser....
I'm sure they don't know they can't do this...most companies don't....
I'm just trying to educate them since they asked for these values and it was obvious no transaction occurred when I submitted the form.
http://usa.visa.com/download/merchan...ata_082707.pdf
https://www.pcisecuritystandards.org...he_pci_dss.htm
(see page 8)
I'm sure they don't know they can't do this...most companies don't....
I'm just trying to educate them since they asked for these values and it was obvious no transaction occurred when I submitted the form.
http://usa.visa.com/download/merchan...ata_082707.pdf
https://www.pcisecuritystandards.org...he_pci_dss.htm
(see page 8)
02-22-2008, 10:33 PM
#4
Banned
RE: RCU violating VISA and MasterCard PCI requirements ?
I am checking into this now on our db and account. I was already aware of the policy but as far as I know we do not store cvvs due to the policy but am double checking manually now.
02-22-2008, 10:39 PM
#5
Banned
RE: RCU violating VISA and MasterCard PCI requirements ?
I just checked. we do not have a cvvs field in our db. I looked at the scripts and they take the cvvs in realtime and process it through payflow.verisign.com but after that process nothing is done further with the cvvs in terms of storing it in the db. It would be possible that it was saved in your session which would expire once you close your browser. This would be in your active browser session memory and NOT cookie based on your hard drive just to clarify.
If you see any other oddities just shoot me a PM directly for fastest reply.
marc
If you see any other oddities just shoot me a PM directly for fastest reply.
marc
