We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Do online retailers...
omits
Posts: 100 Forumite
in Credit cards
...keep the full CC details or do they really delete them when the transaction is complete?
Thanks.
Thanks.
Thanks for your time.
0
Comments
-
They'll store them in line with their privacy policies, which will vary.
In the absence of ongoing retention, just enough details will be kept for identification, post any warranty or refund period.0 -
So that's why when we hear of fraudsters taking clients CC details on-mass they have all the data including the CVC on the back?
Thanks for your time.0 -
So that's why when we hear of fraudsters taking clients CC details on-mass they have all the data including the CVC on the back?
Again - it depends. Some sites will store full details, some won't. Some will do either, depending on if you set up an account with them or just check-out as a guest.
They should details of what they do/don't store available somewhere on their website.0 -
Any organisation that processes card data must be PCI-DSS (Payment Card Industry Data Security Standards) compliant, a regime that enforces a range of technical and procedural controls to protect such data. If you're concerned about a specific retailer, establish what their compliance status is....
CVCs aren't permitted to be stored once the transaction has been completed: https://blog.pcisecuritystandards.org/faq-can-cvc-be-stored-for-card-on-file-or-recurring-transactions0 -
So that's why when we hear of fraudsters taking clients CC details on-mass they have all the data including the CVC on the back?
Retrieving the card details the retailer has stored is not the only way to get the info.
You could also implant code onto a retailer's site to log all the card details entered so even though the retail hasn't stored it, the fraudsters have - this was how the British Airways data breach occurred last year.
Most retailers these days use 3rd party payment gateways like SagePay, PayPal, Stripe, etc. You communicate your card details directly with the 3rd party and the retailer never even sees the card details in the first place so has nothing to delete.0 -
Do people starting threads in this forum......0
-
The typical approach now is for a retailer to use a payment processor - PayPal, Worldpay, Mastercard, etc. When it comes to the point of paying you jump over to the payment processor's website to make the payment itself - this will likely be dressed up to match the retailers site. They collect and store your details, and then pass a token back to the retailer - the retailer then commits or cancels that token as you complete the checkout process. In this arrangement the retailer never sees your CC details, nor is there a way somebody could hack their site to get the details. At most they'll hold on to your token so they can later issue a refund.
If a retailer wants to do the processing, and have access to your details, they must work to very strict requirements around their site - how they store details, who has access, etc, etc. - and must be inspected by a third party to confirm this. Its an expensive process, and obviously risky (as above, somebody could hack the site and capture the details).0 -
The credit card details are not seen. There’s only reference to the last 4 digits on the customer’s card.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards