I've been told that it's illegal to store the Card Security Code (CSC) -- the 3-4 digit number on the back. I hadn't researched and verified that, it's just what I'd heard. :) So if you're storing those or planning to store those, you might want to either confirm or deny the rumor for yourself.
> The question of whether you should or shouldn't keep > anything is a > practicality issue. There are quite a few obligations > put on you if > you store any of the card details in any form - written, > electronic or > engraved into marble. For example, if you store the card > number, and > it ends up being stolen, you could be held liable for the > losses the > cardholder incurs as a result. The terms are outlined in > the > merchant agreement you signed when you agreed to take on > the card > merchant facility. > In short, if you store anything you have to go to a lot of > lengths to > protect the data from malicious or accidental interception > - separate > database server, encryption, secure transmission between > servers etc > etc. This applies not only to data stored on your web > site servers, > but also in your accounting system and in local servers. > You have to > protect the data from being misused by disgruntled or > dishonest > employees for example or you could possibly be held liable > for any > losses incurred by the cardholder. > The easiest way to honour your obligations for all this is > just to not > store the info. There's nothing that says you can't > store it. > Just that if you do store it, you must do everything > practical to > ensure it's safe from dishonest, negligent or malicous > people who > might come in contact with it. > Your own bank's merchant services people should tell you > whether it's > ok to store just the last four digits of the number (your > rules might > be different from ours), but if it's any help, it's > acceptable in > Australia to store and print the last four digits in the > form you > outline. > Cheers > Mike Kear > Windsor, NSW, Australia > Certified Advanced ColdFusion Developer > AFP Webworks > http://afpwebworks.com > ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month > On 4/16/06, Adrian Lynch <[EMAIL PROTECTED]> > wrote: >> I'm about to create a table to hold credit card booking >> info and I was >> wondering what info you can store regarding the card >> details. I don't keep >> the CC number, but does anyone know if it's ok to keep >> part of it so I can >> show details like CC: **** **** **** 1234? >> >> This is a UK based company if it makes a difference. >> >> Can anyone point me to any resources about this sort of >> thing. I've always >> been under the impression that I shouldn't keep anything. >> >> Thanks. >> >> Adrian Lynch >> http://www.halestorm.co.uk/ >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:237854 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
