"Shop Pay" legal card detail retention??

Shopify's payment system is retaining card details including the CVC code without any sort of permission or agreement from the card holder, which means that online transactions or "remote" transactions can be made without the customer verifying the CVC code, which I thought was not allowed by card issuers, and I also thought that card address, phone and email details could only be retained with permission. There is also no indication at the time of transaction that any of these things was going to happen, nor is there any indication of how to remove these details from their database. Is all this really legal??

Comments

  • born_again
    CVV cannot be stored by anyone; that is against the regulations & subject to a large fine if found out. A retailer can process a transaction without a CVV. Amazon are one that do. Also, recurring transactions do not require a CVV.

    If you think about it, if your details are not retained, how can an online retailer issue a refund on a returned item? As they would have no knowledge of who has returned anything.
    Life in the slow lane
  • As above, they would quickly fail the PCI audit process if they were retaining the CVV number. I've been through a PCI audit and they are extremely thorough.
  • DullGreyGuy
    Storing CVC numbers isn't allowed; processing transactions without a CVC code is perfectly fine.

    Most likely when you make the first payment you agree to their T&Cs, which in short will say they set up a continuous payment authority. Under a CPA they don't need to have anything other than the card number and won't be penalised for only having the card number (technically it's all that's ever needed, but the fees you'd be paying if you were anyone short of Amazon would be horrendous).
  • born_again
    https://shop.app/what-shop-does

    Fill carts, not forms

    Shop Pay remembers and encrypts your details, so you can speed safely through checkout in one tap.

    Life in the slow lane