DO Ideas 2

CVV cannot be stored long term per PCI regulations. You should not be asking for and/or storing this number when a new payment method is add

Remove the CVV field from all forms other than one-time payment forms.

  • Anonymous
  • Sep 11 2018
  • Shipped
  • Sep 11, 2018

    Admin Response

    All of our payment processing is done by BrainTreePayment Solutions which is also used by Github and 37signals, we do not store this information, it is handed off to them for processing. They also do not store the CVV value it is only used for account verification and never stored. BrainTreePayment Solutions is fully PCI certified. Thanks!
  • Attach files
  • Francis Levasseur commented
    September 11, 2018 18:21

    I'm not from DO staff but we (our business) process credit card payments four our customers (b2b).

    We ask the end-user to enter his cvv to validate the card the first time. This is illegal to save cvv and it is not required for transactions. But any business that is processing credit cards must validate it before storing data.

    "Thread closed"