I running a website which is the Canada Vancouver. I got a phone call from the customer said that taking the cvv number is illegal in Canada. So, does anyone knows about anything about the cvv law?
thank you
Latest News: (loading..)
0
3 replies to this topic
#2
Posted 19 August 2008, 01:04
The general rule about CVV is that you can ask for it .. but you can not store it.
Ie. you can not write it down and especially you can not store it in the db.
The CVV is supposed to only be used in real time.
Ie. If you get it from the customer over the phone then its supposed to keyed into the pos machine and processed directly.
Ie. if you collect CVV online then its supposed to only be used in real time to verify the transaction through a payment gateway .. and not stored in any way or form.
Ie. you can not write it down and especially you can not store it in the db.
The CVV is supposed to only be used in real time.
Ie. If you get it from the customer over the phone then its supposed to keyed into the pos machine and processed directly.
Ie. if you collect CVV online then its supposed to only be used in real time to verify the transaction through a payment gateway .. and not stored in any way or form.
Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce
Check out my profile [click here] for information on professional services, custom coding, templates, SEO optimization, modifications, commercial support and help.
Check out my profile [click here] for information on professional services, custom coding, templates, SEO optimization, modifications, commercial support and help.
#3
Posted 19 August 2008, 19:12
toyicebear, on Aug 19 2008, 01:04 AM, said:
The general rule about CVV is that you can ask for it .. but you can not store it.
Ie. you can not write it down and especially you can not store it in the db.
The CVV is supposed to only be used in real time.
Ie. If you get it from the customer over the phone then its supposed to keyed into the pos machine and processed directly.
Ie. if you collect CVV online then its supposed to only be used in real time to verify the transaction through a payment gateway .. and not stored in any way or form.
Ie. you can not write it down and especially you can not store it in the db.
The CVV is supposed to only be used in real time.
Ie. If you get it from the customer over the phone then its supposed to keyed into the pos machine and processed directly.
Ie. if you collect CVV online then its supposed to only be used in real time to verify the transaction through a payment gateway .. and not stored in any way or form.
#4
Posted 06 September 2008, 05:51
ken0306, on Aug 19 2008, 10:28 AM, said:
I running a website which is the Canada Vancouver. I got a phone call from the customer said that taking the cvv number is illegal in Canada. So, does anyone knows about anything about the cvv law?
thank you
thank you
Capturing the CVV number is highly illegal under the PCI DSS period, no matter what country you are in.
The only way you can legally do this is if your site has full PCI DSS compliance certification and you are transmitting it encrypted to your payment gateway.
Cheers
