Takeaway kept my card details?

bloodline76 · 23 Sep 2010 at 04:59

Apok said:
Maybe he just remembered you?

Not exactly the same thing but in my old house a guy from the takeaway recognised my voice whenever i called up, saved time telling him the orders and address.

He isn't ordering from the rainman you know

memyselfandi · 23 Sep 2010 at 07:16

MrLOL said:
re: steam, apple, play.com, amazon

are they just charging the card from outside the UK thus not bound by UK regulations ?

Steam and Apple are both american companies, play is based in the C.I. ...

PCI-DSS is not a UK regulation. It is a payment card industry standard (hence PCI) and is applicable world wide.

It is possible to store credit card data, other than full magnetic stripe, CVV2 or PIN data which you are not allowed to store, as long as it's held in an application which meets PA-DSS (Payment Application Data Security Standard), if it's a third party application, or all the relevant security criteria are met in the case of in-house developed applications.

If you want more information on the standards and what is required then see the PCI Security Standards Council website.

PeterNem · 23 Sep 2010 at 07:32

MrLOL said:
re: steam, apple, play.com, amazon

are they just charging the card from outside the UK thus not bound by UK regulations ?

Steam and Apple are both american companies, play is based in the C.I. ...

No, they're just putting the transaction through without using CCV. CCV is a validation the merchant *can* (but doesn't have to) use to verify you're the card holder. I assume some places just don't bother at all, an others just use it on the first transaction. Once you've validated it once you can be fairly sure a repeat transaction is genuine!!

A bit like how some places will only ship to the card holders address on the first order, but are less bothered about the shipping address with follow up orders.

mistercrabb · 23 Sep 2010 at 07:42

daz said:
CVV should not be stored under any circumstances.

Amazon must store my CVV because I ordered a load of stuff yeterday without getting my card out...
EDIT: Ignore, didnt really read the post above..

AFAIK, storing details is fine as long as there are proper security systems in place (IE not just written down on a scrap of paper or unpassworded system).
They have to ask first though.

Wossi · 23 Sep 2010 at 08:44

When we take card payments over the phone at work, there is a form we have to fill in and when you get to the part about the security code it says that the security number must only be used for this transaction and cannot be saved for future reference.

'Wes · 23 Sep 2010 at 08:52

Justeat is your friend.

Ace Modder · 23 Sep 2010 at 08:58

Why not just have it as "cash on delivery"

Wyrdo · 23 Sep 2010 at 09:09

Ace Modder said:
Why not just have it as "cash on delivery"

He had no cash

Doughnut007 · 23 Sep 2010 at 09:33

Efour2 said:
If i wanted to take this further who do i speak to ? I assume my local trading standards?

I believe this government body deals with it

http://www.ico.gov.uk/