> On 1/9/06, Dan Baker <[EMAIL PROTECTED]> wrote: And last of all, I 
> know of a pretty large company that uses a service
> similar to VeriSign.  This other service (can't remember the name) didn't
> provide the "PNRef" scenario, so the company stores credit card numbers in 
> their database (encrypted of course), and they just run the numbers every
> month for their service.  Seems to be working ok for them.  I don't know 
> who
> wrote their software, what encryption they are using, where the data is 
> stored, how it is backed up -- I guess I don't know anything except they 
> are
> storing credit card numbers and are currently doing a good business. DanB

> This confuses me, I thought storing the CSC was illegal?
> Don't you need that to run the card?
> Charles Morris

The CSC (Card Security Code) or CVV (Card Verification Value) is NOT needed 
to run any credit cards.  It is simply a method to increase the likelihood 
that the human at the other end of the transaction actually has the phyiscal 
card.  Storing CSC/CVV's is illegal.  I believe that even places like 
VeriSign do not store the CSC.  Really, the only information you need to run 
a credit card is the number and expiration date (although you will pay a 
higher %).


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to