Go Back  RCU Forums > RC Universe Support > MarketPlace questions or problem?
Reload this Page >

RCU violating VISA and MasterCard PCI requirements ?

Notices
MarketPlace questions or problem? Post questions or problems related to the RC Universe Marketplace in this forum.

RCU violating VISA and MasterCard PCI requirements ?

Old 02-22-2008, 05:31 PM
  #1  
3d-aholic
Senior Member
Thread Starter
My Feedback: (7)
 
3d-aholic's Avatar
 
Join Date: Oct 2003
Location: Round Rock, TX
Posts: 2,024
Likes: 0
Received 0 Likes on 0 Posts
Default RCU violating VISA and MasterCard PCI requirements ?

I just recently got notified my credit card was out of date and that I could no longer participate in the marketplace or do anything else.

So anyway, I entered the area where it requested my Mastercard/Visa card number, card expiration date, and the security code on the back of the card. The only way it would have known this, is if this information was stored somewhere. However, its against the Visa and MasterCard PCI regulations to store the security code or so-called CVV2, or CVVS data or magnetic stripe data on any computer even if its encrypted.

Can a moderator or someone running RCU tell me whats going on here and if you are storing this data which seems to be the case since you have not charged any card? If so, I want my data removed. Also, you need to have your legal department look at this as Visa and MasterCard typically fine companies in excess of 1 million dollars for doing this.

I appreciate you prompt response.

Thank you.
Old 02-22-2008, 06:18 PM
  #2  
MinnFlyer
Senior Member
My Feedback: (4)
 
MinnFlyer's Avatar
 
Join Date: Apr 2002
Location: Willmar, MN
Posts: 28,519
Likes: 0
Received 7 Likes on 7 Posts
Default RE: RCU violating VISA and MasterCard PCI requirements ?

It might have been stored in your browser
Old 02-22-2008, 07:07 PM
  #3  
3d-aholic
Senior Member
Thread Starter
My Feedback: (7)
 
3d-aholic's Avatar
 
Join Date: Oct 2003
Location: Round Rock, TX
Posts: 2,024
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU violating VISA and MasterCard PCI requirements ?

No...in fact that would be "worse" if their software stored the value in the browser....

I'm sure they don't know they can't do this...most companies don't....
I'm just trying to educate them since they asked for these values and it was obvious no transaction occurred when I submitted the form.

http://usa.visa.com/download/merchan...ata_082707.pdf

https://www.pcisecuritystandards.org...he_pci_dss.htm
(see page 8)
Old 02-22-2008, 10:33 PM
  #4  
mvigod
Banned
 
Join Date: Nov 2001
Posts: 14,189
Likes: 0
Received 1 Like on 1 Post
Default RE: RCU violating VISA and MasterCard PCI requirements ?

I am checking into this now on our db and account. I was already aware of the policy but as far as I know we do not store cvvs due to the policy but am double checking manually now.
Old 02-22-2008, 10:39 PM
  #5  
mvigod
Banned
 
Join Date: Nov 2001
Posts: 14,189
Likes: 0
Received 1 Like on 1 Post
Default RE: RCU violating VISA and MasterCard PCI requirements ?

I just checked. we do not have a cvvs field in our db. I looked at the scripts and they take the cvvs in realtime and process it through payflow.verisign.com but after that process nothing is done further with the cvvs in terms of storing it in the db. It would be possible that it was saved in your session which would expire once you close your browser. This would be in your active browser session memory and NOT cookie based on your hard drive just to clarify.

If you see any other oddities just shoot me a PM directly for fastest reply.

marc

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information -

Copyright 2021 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.