Community
The other week in a single day I completed 4 Charitable Donations forms where in 2 instances the paper form only asked for Cardnumber & Expiry Date, whilst in the other 2 instances they also asked for the Security Code to be written down.
In the latter instance, one of the forms was subsequently returned to me as it was incomplete. If that had been intercepted or discarded then there would be scope for mischief/fraud/identity theft? Is there any regulation that says they should not be doing this?
I'm fully aware of the PCI rules regarding storage of such data, this issue is to do with simply recording it on paper and entrusting it to the Royal Mail.
I polled a rival PCI Industry forum 2 weeks ago, and I've received no responses.
Perhaps its no wonder that Merchants don't know what to do, if the members of such PCI groups haven't seen fit to inundate me with responses? But if some Merchants can process the transaction without Security Code, why should others have to ask for it - we're talking about sums less than £50.
So I thought I'd ask the same question of the esteemed Finextra community - don't let me down!
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Kunal Jhunjhunwala Founder at airpay payment services
22 November
Shiv Nanda Content Strategist at https://www.financialexpress.com/
David Smith Information Analyst at ManpowerGroup
20 November
Konstantin Rabin Head of Marketing at Kontomatik
19 November
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.