Just found a place that still takes your details, card details and CVC then processes it themselves..

Quite shocked they do this:
a) the card input is not a pane into a payment provider like 3D/Visa etc..
b) the data agreement states they keep hold of your data..
c) if the company gets sold, the data follows..
Please don't. Please use a provider such as PayPal with multi-factor authentication for us customers. They must be a prime target for card data theft!

It's a legit business, so I'm going to have to go through Amazon marketplace instead..
 
Some old parts suppliers with websites that look ancient are bad at this. I bought something a couple of years ago like a random tap part or something. Their website at the payment pages looked dodge AF. A couple of months later my credit card I used there got hacked. I can't guarantee it was from that, but I bet the site was breached and data was being harvested. It did have https and certificates in date but something was off.
 
Are they a competitor? If not, name and shame them. At least makes us aware of who this business is, but that doesn't sound PCI compliant at all.
 
I came across a really big organisation a couple of years ago that wanted you to write your credit card details (with CVC) on a postcard and send it back to them.

Mad.
 
I chuckled reading this thread.

As long as they are PCI compliant, what's the issue?
How do you know they're not compliant?
Name and shame them, for what?
How do you know the extent of the card data they are storing?
How do you know it wouldn't have prompted for 3DS if you, presumably, didn't enter your card details?

Just use a virtual card if you're that concerned.

Just wait 'til you hear about businesses that take payments over the phone without pausing the call recordings.
 