Community Forums 


    Nov 26 2009 00:02:02


    Michael Schwab

    Join date : 2008-09-18      Posts : 87

    Mals is going to be removing the CVV2 security code box very soon.

    I just lost mine.

    I went into my Cart Setup > Payment Methods > Payment methods
    Standard methods : MANUAL CARD PAYMENT METHOD

    You will find text with a link to change your CVV2 acceptance options now. In my infinite wisdom, I clicked the link, and my CVV2 option was immediately disabled, never to be seen again. Now the customer does NOT have to supply their 3-4 digit security code on the back of their card.

    OK and fine if you are a POS retailer and can swipe the card on a Reader. We do not have that option: the customer supplies their card information, and we manually submit it to Propay.

    I have just spent the entire afternoon on the phone with Propay regarding regulations and PCI Compliance laws. They said it is not required information, but they like online retailers to have it, to protect the card owner from fraud or ID theft.
    We understand the implications of retaining sensitive data on a server or even a personal computer all too clearly, having been a victim of card fraud myself.
    It is ILLEGAL to keep card information but many vendors do so, especially when repeat invoicing is in place. It's easier to pull up an old order and resubmit a duplicate payment within a reasonable period of time before deleting the payment information altogether or archiving it after 3 months....

    SO, we rely heavily on that extra bit of security when taking a card payment online.

    CLEARLY we need to download and delete our sales records in a timely manner, so Mals is not liable for possible hacks and data being compromised.

    MAL: Can we shorten the length of time you save orders on the server, so this does not impact your business legally, but allows us the choice to accept our own responsibility? I know...that's asking a lot but I had to throw it out there~ :)

    Here's some additional info in the cart:

    * PCI Compliance
    We've set up a special deal with McAfee/ScanAlert so that users can obtain full PCI compliance for their store if they need to. Generally this just affects those who are handling credit card data; as much as anything it's to help you focus on ensuring that you do so in a secure way. However, some payment gateways like their merchants to follow the PCI program too, even where you don't have direct access to card data.

    PCI is partly about technical issues: firewalls, anti-virus software and encryption, most of which we handle. But there is much more to it than that; it's also about management: how you choose passwords, what records you keep, where you store data and who has responsibility for it.

    McAfee/ScanAlert offer a full service PCI compliance program for Mal's e-commerce users. With their tutorials and self-assessment "Wizard" many merchants find they can complete the program within just a few hours of enrollment.

    Click here to enroll at McAfee/ScanAlert now...

    The PCI Compliance link is at the bottom of the Standard Payment Options page.