> > With the payment gateways these days > > there is *NO* need to store CC details. > > The need is determined by the online customer and merchant. > Online merchants want to be able to allow their customers to > save their credit card number for easier checkout when they > return. In this case numbers need to be stored.
That is quite wrong. Most payment gateways these days issue a token against a credit card payment that you can re-use to re-bill. You never need to see the credit card number after the first transaction for this to work. I believe the token is usually valid for a maximum of 13 months. > Simply storing a number will not get you fined. However your > storage method must be in compliance with the PCI standards. True. But the standards for storage are tight and most people don't have those sorts of security facilities or procedures in place. > Think about it: if PCI was saying "you may not store credit > card information," it would not need to exist, as there would > be no need to set a standard. Look at page 3 of the PCI DSS > for more information. You can store the number, but not > CVV2, Pin or full magnetic stripe. I know this but think about it... Without the CVV2 or pin what use is the CC number so is there any need to store it? Probably not! > There is no true credit card security, whether you are using > your card online or in a physical store. You can only > mitigate the risk as much as possible. I know, I just got called by my CC company today. Someone spent £800 ($1600) on my CC over the last week. I still have the card, I never use it online and still it was cloned. I know exactly where it was done too because all of the fraudulent transactions have taken place within 20 miles of a place I went to 3 weeks ago that I don't normally frequent almost 200 miles from home... All because I used my CC at a filling station on the M6 just outside Manchester, UK... Nice :) I guess the crims were dumpster diving for the till receipts although it could have been a crooked employee. Grrr... Paul ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 by Adobe® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270142 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
