On Wed, Oct 10, 2018 at 02:21:40PM +0000, Naslund, Steve wrote:
> For example, with tokenization there is no reason at all for any
> retailer to be storing your credit card data (card number, CVV, exp
> date) at all (let alone unencrypted) but it keeps happening over
> and over.
It's been a while since I've had to professionally worry about this,
but as I recall, compliance with PCI [Payment Card Industry] Data
Security Standards prohibit EVER storing the CVV. Companies which
do may find themselves banned from being able to process card
payments if they're found out (which is unlikely).
- Brian
