undefined | Better HN

0 pointsmirkules15y ago0 comments

I was recently looking up some guidelines on storing credit card information, and according to section 3.2 of the official PCI guidelines (https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Q...), CCV is not allowed to be stored, along with PIN or Full Magnetic Stripe data. Hopefully, Sony didn't do that or they will also face hefty fines in addition to bad PR and lawsuits.

0 comments

3 comments · 2 top-level

HelloBeautiful15y ago· 1 in thread

Lows and rules don't apply to mega-corps like Sony, Amazon, Ebay/PayPal, Google, Apple, etc. They all have no problem storing all this together with address, SSN and everything else.

dschobel15y ago

You can't make allegations like that with zero supporting evidence. I mean you can... but you'll look silly.

JoachimSchipper15y ago

Disposaboy posted a mistakenly [dead] comment one hour before this:

> I don't personally know whether this is valid or not but there are comments on http://news.ycombinator.com/item?id=2502477 [URL repeated, may have triggered spam filter?] that suggest that in at least some cases it's possible to charge a credit card without the CVV.

j / k navigate · click thread line to collapse