|
Saving Payment Method |
Post Reply 
|
| Author | |
allensp 
Newbie 
Joined: 27-July-2007 Location: United States Status: Offline Points: 0 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Saving Payment MethodPosted: 03-November-2008 at 10:01am |
|
Hi, I need to find out if there is a way for my customers to save a credit card in their account so that they don't have to enter it in every time they purchase something with us.
I have the credit cards set up through "custom payments" because the regular credit card section doesn't ask for a cvv code.
Any suggestions are appreciated.
Thanks!
|
|
 |
|
|
katharina
Senior Member 
Joined: 25-October-2005 Location: United States Status: Offline Points: 0 |
Post Options
Thanks(0)
Quote Reply
Posted: 03-November-2008 at 10:14am |
|
Boy you are breaking the law. It is illegal to store CVV on a server other then a gateway. Also you are opening yourself up to a potential security risk by storing that data online. Hackers will love it, if they manage to get in. I hope you have a good business insurance that is willing to cover something like that. Mine certainly has tight rules and requires to follow MC/Visa regulations in order to be covered. Our customers do prefer not to have it stored and don't mind reentering it. The last I have seen was that the mayor credit card companies (Master Card/Visa) are working on making it illegal to save credit card number for future fast checkouts. Not sure, if that has come through yet, but it will soon if it hasn't. Katharina
|
|
|
|
|
allensp
Newbie
Joined: 27-July-2007 Location: United States Status: Offline Points: 0 |
Post Options
Thanks(0)
Quote Reply
Posted: 03-November-2008 at 10:41am |
|
Are you saying that I am not supposed to ask for the CVV code at all? We process our credit cards offline and our processor wants the CVV code.
Or were you saying that I just can't have them stored for my customers?
I appreciate your help. I didn't know about these rules. I have been just doing what I have been asked to do.
|
|
|
|
|
katharina
Senior Member
Joined: 25-October-2005 Location: United States Status: Offline Points: 0 |
Post Options
Thanks(0)
Quote Reply
Posted: 03-November-2008 at 11:01am |
|
You are only supposed to use the cvv if the customer is present, meaning you have the card in your hand. These are called the "swiped" cards and they do have a better rate. The CVV cannot be used on sites for offline processing. Only a gateway can use CVV, but that is real time processing. Does your provider offer a gateway?
I think your provider may be pushing the CVV because they are getting better rates. Here is the link about the CVV requirements: http://www.earlyimpact.com/productcart/payment_gateways_ccreq.asp#req Katharina |
|
|
|
|
Hamish
Admin Group 
Joined: 12-October-2006 Location: United Kingdom Status: Offline Points: 56 |
Post Options
Thanks(0)
Quote Reply
Posted: 03-November-2008 at 11:51am |
|
Hi Katharina,
I though the raison d'etre of the CVV code was for "card holder not present". transactions - as it's a "proof" (well another attempt to prove) that the person placing the order has got the card in their hand. The idea of the CVV is that it is data not on the front or magnetic strip, so not easily recorded by card skimmers etc. I've only ever had to use the CVV over the phone or online. Your absolutely right on the rules regarding the CVV2 storage code. A pretty definitive staement appears on Page 12 of this guide from Visa : http://usa.visa.com/download/merchants/rules_for_visa_merchants.pdf "Avoid CVV2 Storage. All merchants are prohibited from storing CVV2 data. When asking a cardholder for CVV2, merchants must not document this information on any kind of paper order form or store it on any database." I would take that to include emails (inherantly insecure and end up in an "email database") and the site database. This seems to only leave a couple of options :- - Switch to using a payment gateway. - Ask the customer to phone in the CVV (likely to lose you sales I would think). - Ask your processor how to approach this and point them to the rules. |
|
|
|
|
katharina
Senior Member
Joined: 25-October-2005 Location: United States Status: Offline Points: 0 |
Post Options
Thanks(0)
Quote Reply
Posted: 03-November-2008 at 12:04pm |
|
I call all the safety attempts "Flavor of the Month". They have done so many changes and new features, and yet it seems not to make a difference. It only makes it confusing for merchants. The point is that I ask for the CVV over the phone and enter it directly into the gateway. With the terminal I don't need to do that, since it is swiped. So looking at that it makes sense what you are saying. Regardless, you cannot record or store it.
Katharina |
|
|
|
|
Stuck
Groupie 
Joined: 09-March-2007 Location: United States Status: Offline Points: 0 |
Post Options
Thanks(0)
Quote Reply
Posted: 03-November-2008 at 6:53pm |
|
Right, the key point is that you are not allowed to retain or store a customers CCV number anywhere, not within your companies accounting system, within a filing cabinet nor an online database. You can require or ask for it to perform the immediate transaction regardless of how the order is being processed, you just cant retain it for further transactions. As far as storing customers credit card details (like the old days), if we are asked why we didnt save the card details from their previous order, we now just immediately explain to them that it is strictly for their security, quite simply if the card details are not stored, then they can't possibly be stolen from us........our customers have always been satisfied & acceptable of this response.
|
|
|
|
|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
Topic Options