Does your system store CVV2 data?

Synopsis
You wish to know if the system stores the last three digits on the back of a credit card (CVV2 data). You wish to process transactions and your merchant provider is requesting this information.

Solution
It is never acceptable for acquirers, merchants, or service providers to retain CVV2 data subsequent to transaction authorization. CVV2 data consists of the last three digits printed on the signature panel of all major credit cards. The Visa Operating Regulations prohibit such storage, whether encrypted or unencrypted. We must maintain compliance with these standards, and as such, we cannot (without exception) store this value.

For more information, see:


If you are doing manual credit card processing (or after event processing), your merchant account should allow you to process 'card not present' transactions, which do not require the CVV2 data. Please contact your merchant provider directly (ie Authorize.net) and ask them about processing without CVV2 data.

You may also wish to consider DoJiggy Merchant Services or one of our other supported payment processors - we capture CVV2 data only in conjunction with these services. This is because the information is passed directly to the payment processor and never stored.

 

0 Comments

Article is closed for comments.