CVC/CVV code should not be stored

jgage1201
Contributor
Contributor
Posted on
‎Feb-04-2017 11:02 AM

I just entered a new payment source (a cc) to Pay Pal and it required a CVC code. From what I understand, this should NEVER be stored by any "system" but only given for phone/one-time transactions. I am a merchant and my merchant requires I do NOT store this information as it is a violation of CC policy. Feedback please?

Login to Me Too
Login to Reply or Kudo
2 REPLIES 2

kernowlass
Esteemed Advisor
Esteemed Advisor
‎Feb-04-2017 11:48 AM

@jgage1201

 

Really? Everytime i use a c.c. online to buy something (not paypal) they ask me for the CVC to make sure that the card is actually in my possession.


Advice is voluntary.
Kudos / Solution appreciated.
Login to Me Too
Login to Reply or Kudo

jgage1201
Contributor
Contributor
‎Feb-05-2017 05:19 PM

For one-time purchases, like phone purchases, it should be fine. That's the purpose, to identify the card-holder. Once this information is in the wrong hands, your credit card company will assume it's always you and will have good reason for denying fraudulent transactions.

 

Here's a quote from one of the leading PCI compliance vendors in the industry, Trustwave,  

 

Can I store magnetic stripe data? How about the CVV2 and CVC?: PCI 101

 

"It is never acceptable to store magnetic stripe data after authorization of the transaction. It is also never acceptable to retain CVV2 and CVC, (the last three digits printed on the signature panel) after transaction authorization."

 

--JG 

 

 

 

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.