We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Long numbers without spaces in web forms
Options
Comments
-
Amex are 15.
What used to be Switch can go up to 19.
Some can go as low as 10!
"most" are 16.
I've heard talk of going up to 22 for card number - because there's so many of them, but it's not here yet (huge changes required through all the interfaces)
and re OP, yup, it's sloppy as hell from the developer.
Lum: try CV2, CVV, CSC. and for amex it's 4DBC (4 digit batch code, and is printed on the front. the 3 on the back are meaningless - just a by product of manufacturing process).0 -
Well as you can probably tell I don't actually work in card processing, I just sometimes do form design for people who are doing card processing.
What's scary is half the time I still know more of the rules of what you can and can't do, even though I make no claim to be anything near to an expert in this area. Things like not being able to store the security code after the transaction is complete, for example.0 -
I was referring to the extra 3 digits on the back. Depending on who designed the web form, they call it "security code" or "CVV2".
And trust me I've seen it done, on a paper form that was destined for archival too!
Securityguy has a good point. you can't know that the superflous 3 digits are in fact the CV2. and as you well know, it's prohibited to store it, for obvious reasons.
EDIT: Overlapped. Yes you do know. And if you capture the card number, you know you can't store it unencrypted ... right?
0 -
Yet I've had customers ask me to put a field on a paper form for the security code and then want to archive it for 7 years. I eventually got them to agree to me drawing a black square over that field before it got sent to the electronic archive.
That was where I then saw the dude who had filled in the security code in the last 3 digits, and I know it was the security code because he'd filled it in again in the correct box immediately below.0 -
CV2 on paper? Nooooooooooo!
And should anyone else be reading this that cares. the CV2 must never, ever, be stored. It's strictly prohibited under PCI-DSS. The entire point of it is to prove that you have the card in your hand and can read it. Once it's recorded it's entire purpose is defeated.0 -
-
I had that exact same argument with them. They claimed that their bank had insisted they ask for the code on their paper forms.
It was hard enough work getting them to agree that the electronic copy should have that field blacked out.0 -
Well ... the CV2 can be carried in transit and technically paper can be in transit but should be destroyed when it reaches the desination.I had that exact same argument with them. They claimed that their bank had insisted they ask for the code on their paper forms.
So it can go on a form, be sent in the post, and transferred to something else ... but NOT stored, and certainly not for 7 years.
I'd be very reluctant to be involved with this, especially if you think they'll take in the forms and stuff them into a filing cabinet or something. That place would be an absolute goldmine for a burglar.
So ... where is this place?
EDIT: to validate my previous posts ... by "stored", I meant "stored electronically" I.e. on a computer etc.0 -
I'd rather not say anything beyond: one of my UK government customers.
I set up the software to blank out that box and advised them in writing that they should destroy it on the paper too, if not the whole paper. Not really much else I could do.
No idea what they actually did with the paper, fortunately that side of things wasn't my problem. I'm even more grateful that the design and security of their database wasn't my problem either!0 -
Just LOL.
I am really not suprised.
I've worked long and hard on complex encryption systems with multifactor authentication to protect card numbers, and they're written on sheets of paper somewhere along with their CV2s.
Great 0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards