02-20-2006, 04:02 AM
|
|
|
Confirmed User
Industry Role:
Join Date: Jul 2001
Location: Calgary, Canada
Posts: 4,012
|
Quote:
|
Originally Posted by baycouples
Why not?
|
MasterCard / Visa regulations.
Storage of Account, Cardholder, and Transaction Data
A merchant and any DSE must not store in any system or in any manner,
discretionary card-read data, CVC 2 data, PIN data, Address Verification Service (AVS) data, or any other prohibited information as set forth in the MasterCard Standards including, but not limited to, sections 2.5.5.1.1 and 2.8.2.1 of the Security Rules and Procedures manual, except during the authorization process for a transaction, that is, from the time an Authorization Request message is transmitted and up to the time the Authorization Request Response message is received. MasterCard permits storage of only the card account number, expiration date, cardholder name, and service code, in a secure environment to which access is limited, and then only to the extent that this data is required for bona fide purposes and only for the length of time that the data is required for such purposes.
Be careful about jumping into something... All these regulations, are just one reason why payment processing is such a tough business. |
|
|