The CVV2 code is that little 3-digit code you usually have to provide when ordering stuff online. The PCI security rules prohibit storing it, which is a good security feature.
Lately, I have been getting some bills that can be paid by credit card, mainly from healthcare providers, that ask for the CVV2 code. While my reading of the regs indicates that this is not an actual violation (they are forbidden from storing the CVV2 once the individual transaction is authorized and completed), it still seems like a bad idea to have it written down. So I never provide it. I've never had the billing party object.
Lately, I have been getting some bills that can be paid by credit card, mainly from healthcare providers, that ask for the CVV2 code. While my reading of the regs indicates that this is not an actual violation (they are forbidden from storing the CVV2 once the individual transaction is authorized and completed), it still seems like a bad idea to have it written down. So I never provide it. I've never had the billing party object.
Posts
No comments:
Post a Comment