RCU Forums

RCU Forums (https://www.rcuniverse.com/forum/)
-   MarketPlace questions or problem? (https://www.rcuniverse.com/forum/marketplace-questions-problem-63/)
-   -   RCU violating VISA and MasterCard PCI requirements ? (https://www.rcuniverse.com/forum/marketplace-questions-problem-63/7119631-rcu-violating-visa-mastercard-pci-requirements.html)

3d-aholic 02-22-2008 05:31 PM
RCU violating VISA and MasterCard PCI requirements ?
 
I just recently got notified my credit card was out of date and that I could no longer participate in the marketplace or do anything else.

So anyway, I entered the area where it requested my Mastercard/Visa card number, card expiration date, and the security code on the back of the card. The only way it would have known this, is if this information was stored somewhere. However, its against the Visa and MasterCard PCI regulations to store the security code or so-called CVV2, or CVVS data or magnetic stripe data on any computer even if its encrypted.

Can a moderator or someone running RCU tell me whats going on here and if you are storing this data which seems to be the case since you have not charged any card? If so, I want my data removed. Also, you need to have your legal department look at this as Visa and MasterCard typically fine companies in excess of 1 million dollars for doing this.

I appreciate you prompt response.

Thank you.

MinnFlyer 02-22-2008 06:18 PM
RE: RCU violating VISA and MasterCard PCI requirements ?
 
It might have been stored in your browser

3d-aholic 02-22-2008 07:07 PM
RE: RCU violating VISA and MasterCard PCI requirements ?
 
No...in fact that would be "worse" if their software stored the value in the browser....

I'm sure they don't know they can't do this...most companies don't....
I'm just trying to educate them since they asked for these values and it was obvious no transaction occurred when I submitted the form.

http://usa.visa.com/download/merchan...ata_082707.pdf

https://www.pcisecuritystandards.org...he_pci_dss.htm
(see page 8)

mvigod 02-22-2008 10:33 PM
RE: RCU violating VISA and MasterCard PCI requirements ?
 
I am checking into this now on our db and account. I was already aware of the policy but as far as I know we do not store cvvs due to the policy but am double checking manually now.

mvigod 02-22-2008 10:39 PM
RE: RCU violating VISA and MasterCard PCI requirements ?
 
I just checked. we do not have a cvvs field in our db. I looked at the scripts and they take the cvvs in realtime and process it through payflow.verisign.com but after that process nothing is done further with the cvvs in terms of storing it in the db. It would be possible that it was saved in your session which would expire once you close your browser. This would be in your active browser session memory and NOT cookie based on your hard drive just to clarify.

If you see any other oddities just shoot me a PM directly for fastest reply.

marc


All times are GMT -8. The time now is 06:39 AM.


Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.