Announcement

Collapse
No announcement yet.

Retention of Credit Card Security Number (CCV2)

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Retention of Credit Card Security Number (CCV2)

    Whilst inserting the latest ammended pages into the Streamline merchants instructions manual, my attention was drawn to the section on retaining customers details.

    It states that under no circumstances was the 3 digit CCV2 security code to be retained after the order has been processed.

    I note that the latest version of Catalog 7 does retain this information, as I presume earlier versions also do.

    Will this be addressed in a V7 patch, to comply with the Credit Card issuers strict rules?
    Mick Jackson
    Jackson's Fishing Tackle
    www.jackfish.net
    Tags: None
    #2
    you know what would be handy?
    A function to "purge" all CV2s (or perhaps ALL credit card data) once payments are made and orders shipped.
    Maybe, in the "housekeeping" tab, there could be a "purge card details" option that would mean we wouldn't have to spend time deleting the details as we go?
    Just a thought!
    Tracey

    Comment

      #3
      Magnificent point made by budgetbumps - although it would be nice if actinic passed the CVV2 data over in the first place (ongoing problem - lots of pain ).

      If you're processing off-line, once an order is completed surely it's a no brainer to have sensitive information automatically deleted?

      Comment

        #4
        Please add my name to the wish list for this function.
        I have been meaning to tackle this myself with some Access code for some time, but have yet to find the time.
        An ideal 'purge' would wipe out the CV2 and leave an identifying portion of the credit card for historical reference, whilst making it useless to prying eyes.
        eg. replace 1234 5678 9123 4560
        with 1234 xxxx xxxx xxx 4560.

        It would also be nice to have some additional security for the software as a whole - a secure password at start up can't be that difficult to add.

        Martin

        Comment

          #5
          Glad you agree with this Comicman, last time I suggested password protection I got beaten badly with a big stick on here, laughed at and dismissed out of hand. My point being that many use the Mole End automation stuff so pc's are being left on 24/7 nowadays. (I do work out that they'd be unpowered if nicked but maybe a clever tealeaf could change any (Windows) password before removing so access could be enabled elsewhere). Maybe a password on snapshots would be an idea also?

          Rant over.
          Football Heaven

          For all kinds of football souvenirs and memorabilia.

          Comment

            #6
            Excellent idea. I have several clients who take their laptops on the road with them and this would certainly make them happier.

            Comment

              #7
              Access Security

              Access is not really designed with security in mind.

              I have looked at security from Access v1 and stopped looking at Access 2000- so I may be a little out of date. But to my knowledge simple database password security is a waste of time as the data behind is still accessible from other programs.

              It is possible to secure the database using a workgroup file and and encrypt the data - but as far as I can see no sooner is this done than someone finds a hole. I have had to create secure Access systems for NHS records - not easy.

              Regards
              Niall
              www.highlandclans.co.uk

              Comment

                #8
                it does kinda depend what you are trying to protect.
                Personally, I think it's a better idea, if you're concerned about data on your PC (whether in software applications such as Actinic or access or not) to protect the WHOLE computer.
                Password protection at startup, IMO, would be an easier way of preventing your laptop data falling into the wrong hands, rather than password protecting ALL the senstive programs one by one?
                Tracey

                Comment

                  #9
                  i like the idea of being able to purge credit card details.

                  Comment

                    #10
                    If you're worried about the security of card details stored on your computer, don't store them, use on online processor instead. The only way to make these details secure would be for the actinic program to encrypt the card details so they are stored in the database encrypted, then have a secure password to access actinic. Then only by using actinic with the password would you be able to see the card details.

                    Windows is not secure, access is not secure, so if someone does compromise your computer then all your customers card details are visible.

                    I have no problem with actinic being password protected, that's one for the wishlist, but it's a pointless excercise unless the card details are stored encrypted at all times.

                    And a purge cvv data is also one for the (urgent) wishlist.
                    Blushingbuyer, banishing blushes since 2000.
                    http://www.blushingbuyer.co.uk

                    Comment

                      #11
                      And don't forget that with the chip and pin routine compulsary on the 14th Feb I reckon that stolen cards will be used much more on the online market.
                      Football Heaven

                      For all kinds of football souvenirs and memorabilia.

                      Comment

                        #12
                        Hi,

                        Thanks for all you suggestions. I have passed them onto the relevant people. We are actually investigating the possibility of encrypting the credit card details in the database at the moment.

                        In the meantime you can manually delete the CVV2 number from the order after you have processed it. If you also want to remove the credit card number you can replace it with '*'.
                        ********************
                        Tracey
                        SellerDeck

                        Comment

                          #13
                          CVV2 number not coming through

                          Hi,

                          My client has an offline streamline machine and he is saying that the credit card info comes across with the order but not the CVV2 number. Is there a way I can get version 7 to do this. With the new card machines he needs this number to process any orders.

                          Many thanks for help.

                          Cheers...Paul

                          Comment

                            #14
                            Hi Paul,

                            Does you client have the option set in 'View | Business Settings | Payment & Security | Configure Method button' for the CVV2 numbers? If so, do they download orders to a different pc than uploading to the website? If so, then they need to ensure that these options are selected on both pcs.
                            ********************
                            Tracey
                            SellerDeck

                            Comment

                              #15
                              Hi Tracey,

                              That worked fine, many thanks for your help gratefully appreciated.

                              Cheers...Paul

                              Comment

                              Previous template Next
                              Working...
                              X