Menu
Never store the card-validation code or value (three- or four-digit number printed on the front or back of a payment card used to validate card-not-present transactions).
Never Store Electronic Track Data or Card Security Number (PINs). While you may have a business reason to store credit card information, PCI DSS specifically prohibits storing a card's security code or any “tracking data” contained in a magnetic stripe on the back of a credit card.
The Federal Trade Commission has also said merchants shouldn't collect information they don't need. And the regulator advises that when they do collect card information, it is in their interest to hold on to it only as long as there is a bona fide business need to do so.
Possible Duplicates:
I need to store credit card numbers within an e-commerce site. I don't intend on storing the whole credit card number, as this would be highly risky. I would like to store at least the first five digits so I can later identify the financial institution that issued the card. Ideally, I would like to store as much of the credit number as I safely can, to aid any future cross-referencing etc.
How many digits, and which particular digits, can I safely store?
For example, I imagine this would not be safe enough:
5555 5555 555* 4444 Because you could calculate the missing digit.
Similarly, this would be safe, but not be as useful:
5555 5*** **** **** Is there a well accepted pattern for storing partial credit numbers?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With