
Credit card info storage by websites... ?

Hello,

Please move this if it's in the incorrect forum.

Recently ordered something with my card from a site that I've never ordered anything from before. After checking out its reviews I decided they were a legit site and went ahead with the order.

I don't like it when a site doesn't give you the option to remove your card details at the end of the order process or when it doesn't tell you that your details will be removed; this site did neither of those things. I emailed the admin of the site and asked them if they store customers' credit card details and why there was not the option to remove them and at least why the customer wasn't told during the order what would happen to their credit card details.

I received this reply:
"once customers enter their details, they are stored on our secure server (**** merchant). By law we have to keep all order details for 6 months before safely destroying them. We never pass on any details be it address/credit card info/phone numbers etc to other parties."

They then went on to praise their 128-bit encryption and so on.

What I want to know is, do they really have to store my details for 6 months, by law?! Also, if this is the case why do some sites give you the option to remove your credit card details from their servers or their credit card merchant's servers? Surely if by law details must be kept for 6 months this would not be possible? I did try a Google search but gave up after a few minutes as didn't seem to find anything relevant.

I take this credit card storing business very seriously since I work in IT and am aware of the common occurrence of multiple hosting facilities being hacked and credit card info being stolen. With multiple hosting when one website is hacked the hacker gets access to all other websites on the box/server so this is a common way of accessing an online shop's credit card cache. In fact I don't know why there are not laws preventing merchants from storing credit card info electronically or otherwise.

Thanks for reading, info on this much appreciated.

Comments

  • ~Brock~
    ~Brock~ Posts: 1,715 Forumite
    Merchants that process credit card data and store these details on computers are expected by their payment services providers to be 'PCI Compliant'.

    By being able to demonstrate their compliance they become less culpable in the event of any loss of data due to cybercrime.

    I am not aware of any specific law that states that data must be held for 6 months, but it should be held in an encrypted format regardless.

    You may find more helpful info here. Don't worry about the fact it's an American site - it applies equally over here.
  • LazyD
    LazyD Posts: 81 Forumite
    Thanks for your reply.

    Had a look at the PCI compliance page, some of it quite interesting.

    Still, I am no closer to the answer to my question:

    Do they really have to store credit card details for 6 months by law?

    Anyone?
This discussion has been closed.