Takeaway kept my card details?

I'm pretty sure Steam stores the CCV as well? And the CCV is not specifically mentioned in the DPA. Whilst it's good practice not to, I don't think it's actually a criminal offence?
 
[TW]Fox;17429434 said:
I'm pretty sure Steam stores the CCV as well? And the CCV is not specifically mentioned in the DPA. Whilst it's good practice not to, I don't think it's actually a criminal offence?

I don't think it does, it certainly makes me enter it every time.
 
I was about to post the same thing about Amazon. Play.com also seem to have mine stored too.

But they don't store the CVV (at least a quick look at Amazon's add a card interface doesn't). As Westyfield2 says this is a pretty major no-no with PCI-DSS ... that can lead to massive fines, removal of ability to accept cards etc etc ... there are pretty strict rules to do with the storage and access to the data as well, which they are probably breaching too ...
 
Aside from keeping the details which is dodgy in itself, I'd be pretty concerned about the way they recited the whole lot to you based purely on the incoming phone number. What if you'd moved out and the new occupant was calling from your house? They'd have just given all your card details to a complete stranger.
 
CVV numbers are simply a method of the merchant verifying that you have the card in your possession and are authorised to use it - you can put a transaction through without it.

PCI DSS specifically states that you must not store the CVV number anywhere, and they could get into trouble with their acquiring bank as they are clearly not handling the sensitive data properly.
 
[TW]Fox;17429538 said:
Which law, out of interest?

It's part of the requirements for PCI-DSS compliance as opposed to a "law" ... failure to follow these and you won't be able to accept cards, be fined for not meeting the compliance and can be liable for costs if there is a breach ... how much it costs a bank to reissue a couple of thousand cards if they have been compromised ...
 
CVV numbers are simply a method of the merchant verifying that you have the card in your possession and are authorised to use it - you can put a transaction through without it.

PCI DSS specifically states that you must not store the CVV number anywhere, and they could get into trouble with their acquiring bank as they are clearly not handling the sensitive data properly.

OllyM and memyselfandi

OK, I have decided to report it, you seem to know the score, who do you think I should contact? Will local trading standards be the best to start with?

I got no problem calling the shop and saying delete it, but I'll never know they have and they may well have 100s on file.

I'm scared now :D

Just need 1 more sensible answer before you can rip this thread to shreds
 
OllyM

OK, I have decided to report it, you seem to know the score, who do you think I should contact? Will local trading standards be the best to start with?

I got no problem calling the shop and saying delete it, but I'll never know they have and they may well have 100s on file.

I'm scared now :D

Just need 1 more sensible answer before you can rip this thread to shreds

No sure way, unless you know the right people to contact so they can investigate? Or something. If you're really worried you can always ask the police. (Not 999 lol)
 
You should tell TS regardless of anyone else you go to. If you can find out what bank/merchant they use then I assume you could report it to them too re: the PCI-DSS compliance.

Might help: http://www.ico.gov.uk/complaints.aspx

For your complaint to be eligible for further consideration we will usually need you to provide us with supporting information or evidence.

Any way you can record a second call/order?
 