[ic] mv_credit_card_cvv2 is no longer capture in mv_credit_card_info

DB DB at M-and-D.com
Tue Oct 20 11:35:27 UTC 2009

> Author: Jon Jensen <jon at endpoint.com>
> Date:   Thu Jun 18 22:56:42 2009 -0600
>     Remove CVV2/CSC from default credit card encrypted block template
>     The card security code should not be stored at all, even in encrypted
>     form. This makes the default behavior compliant with section 3.2.2 of
>     PCI-DSS 1.2:
> https://www.pcisecuritystandards.org/security_standards/download.html?id=pci
>     It is of course still possible to manually supply a template that
>     stores the card security code in violation of PCI-DSS requirements, so
>     developers should review any custom credit card encryption templates
>     to make sure that the CVV2 is not included, and purge it from any
>     historical data they have stored.
>     Thanks to Mark Lipscombe for calling attention to this.
> CU,
> Gert

I have a client that runs charges manually on a terminal using the
credit card data (including cvv) that's decrypted from emails sent by
the server. Without undoing the above change and breaking compliance, is
there no way for my client to continue this practice?


More information about the interchange-users mailing list