Credit Card Data in Light of TJMAX

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Credit Card Data in Light of TJMAX

Daniel Kunkel
Hi

Some of you are well aware of the mis-steps of TJMAX who lost track 2
customer credit card data from years of business that they should not
even have been storing. Track 2 data in the credit card includes

Some experts are suggesting that the credit card data be deleted as soon
as the transaction is completed.  Some of our customers are getting very
curious about how we handle their credit card data.

I know the anonymous checkout feature handles most of these issues,
however is there anything OFBiz should be doing out of the box in light
of the increased customer sensitivity to their credit card data?

--
Daniel

*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
Have a GREAT Day!

Daniel Kunkel           [hidden email]
BioWaves, LLC           http://www.BioWaves.com
14150 NE 20th St. Suite F1
Bellevue, WA 98007
800-734-3588    425-895-0050
http://www.Apartment-Pets.com  http://www.Illusion-Optical.com
http://www.Card-Offer.com      http://www.RackWine.com
http://www.JokesBlonde.com     http://www.Brain-Fun.com 
*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-

Reply | Threaded
Open this post in threaded view
|

Re: Credit Card Data in Light of TJMAX

David E Jones

Chances are we'll stick to our current practices, ie comply with  
industry requirements. If someone wanted do delete all credit data  
once it is no longer needed, that could be done.

Keep in mind that this is a PAIN and makes it hard to comply with  
other CC company requirements, like refunded credit card purchased  
returns to the original credit card...

-David


On Feb 12, 2007, at 11:18 PM, Daniel Kunkel wrote:

> Hi
>
> Some of you are well aware of the mis-steps of TJMAX who lost track 2
> customer credit card data from years of business that they should not
> even have been storing. Track 2 data in the credit card includes
>
> Some experts are suggesting that the credit card data be deleted as  
> soon
> as the transaction is completed.  Some of our customers are getting  
> very
> curious about how we handle their credit card data.
>
> I know the anonymous checkout feature handles most of these issues,
> however is there anything OFBiz should be doing out of the box in  
> light
> of the increased customer sensitivity to their credit card data?
>
> --
> Daniel
>
> *-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
> Have a GREAT Day!
>
> Daniel Kunkel           [hidden email]
> BioWaves, LLC           http://www.BioWaves.com
> 14150 NE 20th St. Suite F1
> Bellevue, WA 98007
> 800-734-3588    425-895-0050
> http://www.Apartment-Pets.com  http://www.Illusion-Optical.com
> http://www.Card-Offer.com      http://www.RackWine.com
> http://www.JokesBlonde.com     http://www.Brain-Fun.com
> *-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
>


smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Credit Card Data in Light of TJMAX

Chandresh Turakhia
Can someone guide to TJMAX requirements. I need to check if it applicable in
India and France

Chand
----- Original Message -----
From: "David E. Jones" <[hidden email]>
To: <[hidden email]>
Sent: Tuesday, February 13, 2007 12:28 AM
Subject: Re: Credit Card Data in Light of TJMAX


>
> Chances are we'll stick to our current practices, ie comply with  industry
> requirements. If someone wanted do delete all credit data  once it is no
> longer needed, that could be done.
>
> Keep in mind that this is a PAIN and makes it hard to comply with  other
> CC company requirements, like refunded credit card purchased  returns to
> the original credit card...
>
> -David
>
>
> On Feb 12, 2007, at 11:18 PM, Daniel Kunkel wrote:
>
>> Hi
>>
>> Some of you are well aware of the mis-steps of TJMAX who lost track 2
>> customer credit card data from years of business that they should not
>> even have been storing. Track 2 data in the credit card includes
>>
>> Some experts are suggesting that the credit card data be deleted as  soon
>> as the transaction is completed.  Some of our customers are getting  very
>> curious about how we handle their credit card data.
>>
>> I know the anonymous checkout feature handles most of these issues,
>> however is there anything OFBiz should be doing out of the box in  light
>> of the increased customer sensitivity to their credit card data?
>>
>> --
>> Daniel
>>
>> *-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
>> Have a GREAT Day!
>>
>> Daniel Kunkel           [hidden email]
>> BioWaves, LLC           http://www.BioWaves.com
>> 14150 NE 20th St. Suite F1
>> Bellevue, WA 98007
>> 800-734-3588    425-895-0050
>> http://www.Apartment-Pets.com  http://www.Illusion-Optical.com
>> http://www.Card-Offer.com      http://www.RackWine.com
>> http://www.JokesBlonde.com     http://www.Brain-Fun.com
>> *-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
>>
>
>


Reply | Threaded
Open this post in threaded view
|

Re: Credit Card Data in Light of TJMAX

Daniel Kunkel
In reply to this post by David E Jones
Hi

Good points.

The most important thing is to meet Visa requirements, which I believe
we do since the CC data is stored in an encrypted format.

About the returns to the original cc...  Rather than ever deleting the
cc outright, it would probably be better to keep the last four digits
available so the user could provide the right CC number again in case of
a refund.

--

The track 2 data that TJMAX had stored included the account number,
verification codes, and expiration date.

Thanks



On Tue, 2007-02-13 at 01:28 -0700, David E. Jones wrote:

> Chances are we'll stick to our current practices, ie comply with  
> industry requirements. If someone wanted do delete all credit data  
> once it is no longer needed, that could be done.
>
> Keep in mind that this is a PAIN and makes it hard to comply with  
> other CC company requirements, like refunded credit card purchased  
> returns to the original credit card...
>
> -David
>
>
> On Feb 12, 2007, at 11:18 PM, Daniel Kunkel wrote:
>
> > Hi
> >
> > Some of you are well aware of the mis-steps of TJMAX who lost track 2
> > customer credit card data from years of business that they should not
> > even have been storing. Track 2 data in the credit card includes
> >
> > Some experts are suggesting that the credit card data be deleted as  
> > soon
> > as the transaction is completed.  Some of our customers are getting  
> > very
> > curious about how we handle their credit card data.
> >
> > I know the anonymous checkout feature handles most of these issues,
> > however is there anything OFBiz should be doing out of the box in  
> > light
> > of the increased customer sensitivity to their credit card data?
> >
> > --
> > Daniel
> >
> > *-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
> > Have a GREAT Day!
> >
> > Daniel Kunkel           [hidden email]
> > BioWaves, LLC           http://www.BioWaves.com
> > 14150 NE 20th St. Suite F1
> > Bellevue, WA 98007
> > 800-734-3588    425-895-0050
> > http://www.Apartment-Pets.com  http://www.Illusion-Optical.com
> > http://www.Card-Offer.com      http://www.RackWine.com
> > http://www.JokesBlonde.com     http://www.Brain-Fun.com
> > *-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
> >
>