> On 1/9/06, Dan Baker <dbefc@xxxxxxxxxxxxxxxx> wrote: And last of all, I > know of a pretty large company that uses a service > similar to VeriSign. This other service (can't remember the name) didn't > provide the "PNRef" scenario, so the company stores credit card numbers in > their database (encrypted of course), and they just run the numbers every > month for their service. Seems to be working ok for them. I don't know > who > wrote their software, what encryption they are using, where the data is > stored, how it is backed up -- I guess I don't know anything except they > are > storing credit card numbers and are currently doing a good business. DanB > This confuses me, I thought storing the CSC was illegal? > Don't you need that to run the card? > > Charles Morris > cmorris@xxxxxxxxxx The CSC (Card Security Code) or CVV (Card Verification Value) is NOT needed to run any credit cards. It is simply a method to increase the likelihood that the human at the other end of the transaction actually has the phyiscal card. Storing CSC/CVV's is illegal. I believe that even places like VeriSign do not store the CSC. Really, the only information you need to run a credit card is the number and expiration date (although you will pay a higher %). DanB -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
