Rank: Member
Joined: 11/22/2005(UTC) Posts: 44
|
We process the credit card charges manually when we ship the order.
Upon receiving an order we print the "Admin Receipt" which contains ALL info needed, including the full Credit Card # but we cannot locate the Credit Card CVV code, that our new Credit Card machine requires to process payments...
Obvioulsy we have activated the the "Require CVV Code" on the Admin, but where we can see this CVV code???
THANKS!
|
|
|
|
Rank: Member
Joined: 6/6/2005(UTC) Posts: 483
|
I believe BV software does not store the CVV code anywhere to comply with Federal Laws regarding the CVV code. Most merchants connect BV directly to the CC processor over the internet. This way the processor will have the CVV code just long enough to verify the correct code and complete the transaction saving the merchant a lot of hassle and help keep them in compliance with the law.
Bob Noble
|
|
|
|
Rank: Member
Joined: 11/5/2003(UTC) Posts: 2,136
Was thanked: 1 time(s) in 1 post(s)
|
Originally Posted by: "artistica"
We process the credit card charges manually when we ship the order. Upon receiving an order we print the "Admin Receipt" which contains ALL info needed, including the full Credit Card # but we cannot locate the Credit Card CVV code, that our new Credit Card machine requires to process payments...
Obvioulsy we have activated the the "Require CVV Code" on the Admin, but where we can see this CVV code???
THANKS!
Credit card processors (Visa, Mastercard, etc) have established a set of requirements that online stores must meet to be allowed to collect credit card payments. At a very minimum, the online store must not store the CVV code. BVC5 meets this requirement (and many more). The bottom line is that you will not have access to the CVV code after the order is placed. You either need to change your contract so the CVV is not required, or switch to using the integrated payment processors (i.e. not your machine). If you use an integrated payment processor, you can authorize the charge when the order is placed. The capture the charge when the order is shipped. |
|
|
|
|
Rank: Member
Joined: 11/5/2003(UTC) Posts: 1,786
|
We've been looking into this carefully for PCI compliance and there may be a little wiggle room. Technically, the spec only requires the CVV code to be removed after authorization.
However, it also requires that the CVV code never be stored with the card number. So, the question is how do you define what is means to "store with?" If both the CVV code and the card number are in the same database table it's pretty clear they are stored together. But, if they are stored in different tables on the same machine are they stored together?
There is a little bit of gray area here and it may be possible in the future to store CVV for offline processing.
|
|
|
|
Rank: Member
Joined: 11/5/2003(UTC) Posts: 2,136
Was thanked: 1 time(s) in 1 post(s)
|
In an early version of the PABP, there was a Q&A section that addressed this. From what I remember, the best practice was to physically separate the CVV from the number (until authorization, then destroy it). For example, if the CVV and number were stored on different servers. I think (but it is a hazier memory) the best practice also specified that the CVV should not be stored for more then a minute or two....certainly not enough time to use an offline credit card machine.
In any case, there are auditing firms that can answer this with certainty. |
|
|
|
|
Rank: Member
Joined: 11/5/2003(UTC) Posts: 1,786
|
Thanks Andy. It's not super clear on some of these requirements!
|
|
|
|
Rank: Member
Joined: 11/22/2005(UTC) Posts: 44
|
Thanks to EVERYBODY! You all are right... The CVV code is mostly used when processing payments t a CC Processor...
I contacted our Credit Card processing co. and they removed the CVV Code request when manually processing our sales, so we will also remove the request of entering the CVV from our customers when placing orders on line. THANKS!
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.