10 Oct
2018
10 Oct
'18
10:32 a.m.
On Wed, Oct 10, 2018 at 02:21:40PM +0000, Naslund, Steve wrote:
For example, with tokenization there is no reason at all for any retailer to be storing your credit card data (card number, CVV, exp date) at all (let alone unencrypted) but it keeps happening over and over.
It's been a while since I've had to professionally worry about this, but as I recall, compliance with PCI [Payment Card Industry] Data Security Standards prohibit EVER storing the CVV. Companies which do may find themselves banned from being able to process card payments if they're found out (which is unlikely). - Brian