Re: FN-FORUM: Storing CC details?
date posted 16th May 2007 20:30
Hi Peter,
I have read something about this in the meantime. I absolutely agree
with you that there is no reason to store CC data.
The client is thinking about it only because they need to give credit card
refunds to their customers and card data are required by the payment
gateway. This is however only a few per cent of all orders and I will
advise them to rather call the customer and ask for credit card
details or send a cheque instead.
Thanks for the links as well!
Too much headache and if something goes wrong...
All the best
Jay
PS: I have been told that almost all other clients of the same payment
gateway store customers' credit card details!! We don't.
On 16 May 2007 19:24:07 -0000, Peter Agambar [EMAIL REMOVED] wrote:
>
> Juraj,
>
> This is covered under the data protection act, and the freedom of
> information act, as well as Sarbanes Oxley, Financial regulation act and a
> host of other regulations.
>
> I think it's not a case of "can you", it's a case of "should you".
>
> There are some essential questions you should ask before storing CC details.
> 1. What reason would you need other than making it simpler when customers
> return to re-use the site.
> 2. Do you have the customer's permission (this has to be given, not accepted
> as true).
> 3. Are you using a database that complies with BS 17799 or ISO 17799 for
> storing personal data.
> 4. Is the server where the database is located behind a separate network layer
> isolated from the internet?
>
> If all the above is true (and I've missed out many more) then you need to
> ensure that the personal details are kept separate from the cc details and
> that both are encrypted. The database has to have referential integrity
> rules applied, be normalised and have a history file.
>
> But as far as the data protection act goes, if you have no reason to hold
> the CC details then you will be in breach of the data protection act. And
> this has to be a very good reason, not an "it'll make life easier" reason.
>
> Couple of useful links
>
> http://www.opsi.gov.uk/ACTS/acts1998/19980029.htm
>
> http://www.direct.gov.uk/en/RightsAndResponsibilities/DG_10028507
>
>
> Peter
>
>
>
> > -----Original Message-----
> > From: [EMAIL REMOVED] [EMAIL REMOVED] On Behalf Of Juraj
> > Seffer
> > Sent: 16 May 2007 19:51
> > To: FN-FORUM / [EMAIL REMOVED]
> > Subject: FN-FORUM: Storing CC details?
> >
> >
> > Hi all,
> >
> > Any idea if storing Credit Card details in a database (except CVV) is
> > legal in the UK and if it requires a licence?
> >
> > Thanks
> > Jay
> >
> > --
> > Freelancers, contractors earn more with Prosperity4
> > Call 0870 870 4414 or visit www.prosperity4.com
> > and benefit from Inland Revenue approved expenses today.
> >
> > To advertise here: http://www.freelancers.net/advertising.html
> >
> >