We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

PayPal and CSC

etienneg
etienneg Posts: 600 Forumite
Part of the Furniture 500 Posts
in Credit cards
Rightly or wrongly, I was under the impression that merchants were not allowed to store Card Security Codes. I was therefore surprised to receive the following email from PayPal:

"We've noticed that your card ending in ** is about to expire. Please update your card expiry date and card security code (CSC) as soon as possible to avoid any interruptions in using PayPal. Be sure to activate your new card with your bank first."

The email appears to be genuine, and the relevant card has indeed just been replaced (as it expires this month).

Comments are welcome.


Comments

  • Gerry1
    Gerry1 Posts: 10,853 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    edited 10 February 2020 at 9:32PM
    Storing the CVV is a big NoNo.  Banned by PCI DSS Requirement 3.2.
    <a href="https://blog.pcisecuritystandards.org/faq-can-cvc-be-stored-for-card-on-file-or-recurring-transactions">https://blog.pcisecuritystandards.org/faq-can-cvc-be-stored-for-card-on-file-or-recurring-transactions</a>


  • crumpet_man
    crumpet_man Posts: 819 Forumite
    Fifth Anniversary 500 Posts Name Dropper
    Does it say that Paypal are storing the CVV?  You just need to input it once so that Paypal can verify/authorise it.
  • born_again
    born_again Posts: 22,619 Forumite
    10,000 Posts Sixth Anniversary Name Dropper
    They will need it to ensure you are the card holder. But will not store it.
    I would also not go via any link in that email to update anything. As it could very easy be a phishing email.
    Life in the slow lane
  • etienneg
    etienneg Posts: 600 Forumite
    Part of the Furniture 500 Posts
    Thanks for the replies. What you have said makes sense. It was just my reading of the email wording that led me astray. Saying "update your card expiry date and card security code (CSC)" made me think both of these pieces of information were being treated the same, and therefore they were both stored. If they had said "update your card expiry date and tell us your new card security code (CSC) so that we can verify the new card" (or something similar) I would have understood.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 353.3K Banking & Borrowing
  • 254K Reduce Debt & Boost Income
  • 454.9K Spending & Discounts
  • 246.3K Work, Benefits & Business
  • 602.5K Mortgages, Homes & Bills
  • 177.9K Life & Family
  • 260.3K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture