Community
The other week in a single day I completed 4 Charitable Donations forms where in 2 instances the paper form only asked for Cardnumber & Expiry Date, whilst in the other 2 instances they also asked for the Security Code to be written down.
In the latter instance, one of the forms was subsequently returned to me as it was incomplete. If that had been intercepted or discarded then there would be scope for mischief/fraud/identity theft? Is there any regulation that says they should not be doing this?
I'm fully aware of the PCI rules regarding storage of such data, this issue is to do with simply recording it on paper and entrusting it to the Royal Mail.
I polled a rival PCI Industry forum 2 weeks ago, and I've received no responses.
Perhaps its no wonder that Merchants don't know what to do, if the members of such PCI groups haven't seen fit to inundate me with responses? But if some Merchants can process the transaction without Security Code, why should others have to ask for it - we're talking about sums less than £50.
So I thought I'd ask the same question of the esteemed Finextra community - don't let me down!
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Eimear Oconnor COO at Form3 Financial Cloud
07 November
Kyrylo Reitor Chief Marketing Officer at International Fintech Business
06 November
Konstantin Rabin Head of Marketing at Kontomatik
Alexander Boehm Chief Executive Officer at PayRate42
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.