We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Is it illegal to keep credit card details
Options
Comments
-
Before we go into where the diary is stored, who has access, and what details are actually stored in it, it might be worth remembering we're going from a one line question with almost no detail. Just a point.0
-
My point was "card details" on their own (card number, expiry, CVV, etc) are not personal data and the DPA does not apply.
Card Details on their own, without any means of linking the information to a person, may well not be "data", but I don't think that is what is suggested this situation.
I took it as read that some other information was recorded in the diary, such as a room number or guest's name. Otherwise the information is completely useless to the hotel.
The credit card number has been obtained for processing in an automated system (the credit card payment mechanism). Therefore it is data subject to the DPA.
Even if they were not obtained with the intention of such processing, (perhaps merely as a means of providing a guarantee for a hire car or proof of identification) then they would be recorded in some way which allows the individual to be linked back to the card number if necessary; which is clearly a "relevant filing system" defined as:"any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible"and therefore it is data subject to the DPA.We need the earth for food, water, and shelter.
The earth needs us for nothing.
The earth does not belong to us.
We belong to the Earth0 -
I would be fairly certain that these details are covered by the DPA. Perhaps more importantly, they are covered by the Payment Card Industry - Data Security Standard (PCI-DSS).
https://www.pcisecuritystandards.org/smb/The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts.0 -
how about sony or nintendo, they are very secure alsoDon't put your trust into an Experian score - it is not a number any bank will ever use & it is generally a waste of money to purchase it. They are also selling you insurance you dont need.0
-
As others have said, anyone that accepts card payments now should be working towards PCI Compliance.
And on the front page of the PCI site states:
You are responsible for preventing theft of cardholder data:
Follow these steps:- Don’t store ANY sensitive cardholder data!
So I think it's a BIG FAIL then? :eek:
David
£1 of debt is too much for me!0 -
-
briankelleher wrote: »At my work, if our computer system goes down we do everything on paper, if it's down for a few days like it was recently, that can be over 1000 credit card details (along with name, address, DOB etc) all written on paper, scanned once a day and sent to india to be keyed into the system.
This sounds like the best way to keep my 'personal' details secure - I'll give you a list of my home contents so you can arrange for someone to clear my house and then clear my account of it's money also.
I thought these places take the security of data information such as this seriously?
Jesus, might as well put them up on the notice board at Morrisons as say help yourself 24/7!David
£1 of debt is too much for me!0 -
incesticde wrote: »If the data is not stored on electronic media, the DPA does not even come into play.
I have already shown in two posts (with links) why this is not correct.
Please read!!!
The DPA applies to any structured filing system, manual or electronic.We need the earth for food, water, and shelter.
The earth needs us for nothing.
The earth does not belong to us.
We belong to the Earth0 -
No not illegal just not very responsible.
It may however contradict their acquiring bank terms & conditions by not taking a preventative measure for the card details to be misused.
If your Name and address details were also noted and can be linked with the card details, this then becomes a DPA breach.0 -
You'd think that, but we've never had a problem with someone stealing credit card details, even amongst 350 odd agents who take probably 35-40 credit card numbers each a day. If you're running police checks on all your employees (as we do), you weed out the people who'd be bothered with such fraud, or at least that's how it's worked out in practice.coolesticeking wrote: »This sounds like the best way to keep my 'personal' details secure - I'll give you a list of my home contents so you can arrange for someone to clear my house and then clear my account of it's money also.
I thought these places take the security of data information such as this seriously?
Jesus, might as well put them up on the notice board at Morrisons as say help yourself 24/7!0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.1K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards