Users - Credit card security code
Locked
 
|
While it's never wise to follow someone else's policy
without investigating it first, my SBC/Yahoo DSL account is paid every month by credit card automatically and they store my CVV number for this recurring transaction ============ David Jones wrote: Yes, this is considered _very_ sensitive. Storing it is actually not allowed outside of the scope of a single transaction. So no, I don't think you can use it for recurring payment. -David On Feb 27, 2006, at 12:27 PM, Vinay Agarwal wrote: > Is the storage of securityCode (the 3-4 digit number either on back > or front > of the card) more sensitive than the credit card number itself? If > so, would > automatic billing be done without the security code? > > Regards, > Vinay Agarwal > > -----Original Message----- > From: users-bounces at lists.ofbiz.org [mailto:users- > bounces at lists.ofbiz.org] > On Behalf Of David E. Jones > Sent: Monday, February 27, 2006 10:51 AM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Credit card security code > > > Perhaps... but this is something that needs to be closely guarded. > Once an authorization is done (succeed or fail) the securityCode > needs to be auto-cleared. This is enough of an issue with credit card > providers that we should put any of it in until all of it is in... > > -David > > > On Feb 27, 2006, at 11:09 AM, Vinay Agarwal wrote: > >> Would it be OK to add optional securityCode (type id) to the >> CreditCard entity and the corresponding createCreditCard? >> >> >> Regards, >> >> Vinay Agarwal >> >> >> _______________________________________________ >> Users mailing list >> Users at lists.ofbiz.org >> http://lists.ofbiz.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > Users at lists.ofbiz.org > http://lists.ofbiz.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > Users at lists.ofbiz.org > http://lists.ofbiz.org/mailman/listinfo/users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2466 bytes Desc: not available Url : http://lists.ofbiz.org/pipermail/users/attachments/20060227/8dc287bc/smime-0001.bin _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Credit card security code
|
|
The storing of CVV2 number (security code) is forbidden by merchant account
agreements. The purpose of the CVV2 is to demonstrate that the card is in the hand of the customer, which means reduced risk (affecting approval and merchant account rates). Storing the code defeats this purpose and I believe VISA will charges fines or terminate the agreement of any merchants caught violating this rule. Chances are that the DSL account used the code for the initial charge as extra "insurance" that your card was legit, then just used the card # and exp. date for further recurring charges. BBB Online has some info on CVV2 (more geared towards consumers, but might be helpful). Your contract w/ your merchant account provider should provide more info. http://www.bbbonline.org/eExport/doc/MerchantGuide_cvv2.pdf Warm regards, sterling -----Original Message----- From: Chris Howe [mailto:[hidden email]] Sent: Monday, February 27, 2006 4:06 PM To: [hidden email] Subject: [OFBiz] Users - Credit card security code While it's never wise to follow someone else's policy without investigating it first, my SBC/Yahoo DSL account is paid every month by credit card automatically and they store my CVV number for this recurring transaction ============ David Jones wrote: Yes, this is considered _very_ sensitive. Storing it is actually not allowed outside of the scope of a single transaction. So no, I don't think you can use it for recurring payment. -David On Feb 27, 2006, at 12:27 PM, Vinay Agarwal wrote: > Is the storage of securityCode (the 3-4 digit number either on back > or front > of the card) more sensitive than the credit card number itself? If > so, would > automatic billing be done without the security code? > > Regards, > Vinay Agarwal > > -----Original Message----- > From: users-bounces at lists.ofbiz.org [mailto:users- > bounces at lists.ofbiz.org] > On Behalf Of David E. Jones > Sent: Monday, February 27, 2006 10:51 AM > To: OFBiz Users / Usage Discussion > Subject: Re: [OFBiz] Users - Credit card security code > > > Perhaps... but this is something that needs to be closely guarded. > Once an authorization is done (succeed or fail) the securityCode > needs to be auto-cleared. This is enough of an issue with credit card > providers that we should put any of it in until all of it is in... > > -David > > > On Feb 27, 2006, at 11:09 AM, Vinay Agarwal wrote: > >> Would it be OK to add optional securityCode (type id) to the >> CreditCard entity and the corresponding createCreditCard? >> >> >> Regards, >> >> Vinay Agarwal >> >> >> _______________________________________________ >> Users mailing list >> Users at lists.ofbiz.org >> http://lists.ofbiz.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > Users at lists.ofbiz.org > http://lists.ofbiz.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > Users at lists.ofbiz.org > http://lists.ofbiz.org/mailman/listinfo/users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2466 bytes Desc: not available Url : http://lists.ofbiz.org/pipermail/users/attachments/20060227/8dc287bc/smime-0 001.bin _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Credit card security code
|
|
Sterling,
I know of at least one company who are definitely storing my CVV in order to take monthly payments. How would they do this without storing the CVV? -- Kind Regards Andrew Sykes <[hidden email]> Sykes Development Ltd http://www.sykesdevelopment.com _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Credit card security code
|
|
The important point, is it can cause the company large fines.
and anyone that programs that into a system, is opening themselves to suites. Those that do it, does not make it right. Andrew Sykes sent the following on 2/28/06 4:22 AM: > Sterling, > > I know of at least one company who are definitely storing my CVV in > order to take monthly payments. > > How would they do this without storing the CVV? _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Credit card security code
|
|
BJ,
You misunderstand, I'm not arguing the validity of the approach. In fact I'd agree completely with your comments and hope that they are a cautionary note to anyone considering this route. But if a company is being asked for the CVV in order to take a monthly payment, what should their approach be? -- Kind Regards Andrew Sykes <[hidden email]> Sykes Development Ltd http://www.sykesdevelopment.com _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Credit card security code
|
|
My experience, is most merchants accounts do not require the CVV and
will do transactions with CC#, Expire date, and zipcode. or Complete address. However some Merchant accounts do Get a better percentage on transactions if CVV is provided. So I would say the first transaction use the CVV to validate that the person using the CC# has the card in hand. After that use the CC#, Expire date, and address. this would give you the AV status. At least that is the way I have programmed. BTW. Please turn on the ability to have the previous responses included. it is easier to follow the conversation. Andrew Sykes sent the following on 2/28/06 5:08 AM: > BJ, > > You misunderstand, I'm not arguing the validity of the approach. In fact > I'd agree completely with your comments and hope that they are a > cautionary note to anyone considering this route. > > But if a company is being asked for the CVV in order to take a monthly > payment, what should their approach be? _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: Users - Credit card security code
|
|
In reply to this post by Andrew Sykes
Some payment processors have periodic billing options built into their
APIs, which can vary in the amount of communication needed. In some cases, you submit the card details once along with a billing frequency and total number of payments and they handle the rest. (Any errors are sent via email notifications or can be queried via the API) In others, you need to submit a new transaction for each billing, but only include the card details on the first transaction. For each subsequent transaction, you just need to reference the original transaction and note that it is a recurring payment. -Joe On Feb 28, 2006, at 7:22 AM, Andrew Sykes wrote: > Sterling, > > I know of at least one company who are definitely storing my CVV in > order to take monthly payments. > > How would they do this without storing the CVV? > -- > Kind Regards > Andrew Sykes <[hidden email]> > Sykes Development Ltd > http://www.sykesdevelopment.com > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
«
Return to OFBiz - User
|
1 view|%1 views
| Free forum by Nabble | Edit this page |