> That is quite wrong. Most payment gateways these days issue a token > against > a credit card payment that you can re-use to re-bill. You never need to > see > the credit card number after the first transaction for this to work. I > believe the token is usually valid for a maximum of 13 months.
Most maybe, but I currently use Authorize.net (one of the largest), and as far as I can tell, they do not offer this. You need to send a credit card number with every transaction (unless you are capturing a transaction that has already been authorized). Perhaps this is a good reason to switch to a different processor, although otherwise they're ok. What if this token that gets issued falls into the wrong hands? If you don't need anything else but that token to authorize a transaction, that's less secure than requiring a cvv number for every transaction. > I know this but think about it... Without the CVV2 or pin what use is the > CC > number so is there any need to store it? Probably not! I don't know about other processors, but at Authorize.net you can configure your account to not require a cvv number for authorization. > All because I used my CC at a filling station on the M6 just outside > Manchester, UK... Nice :) I guess the crims were dumpster diving for the > till receipts although it could have been a crooked employee. Grrr... That sucks! What's ironic is that people are much more paranoid about online transactions than in-store transactions, though the latter generally have more security openings (employees handling physical receipts etc.) -- Josh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 by AdobeĀ® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270149 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
