...not without being guilty of breaking with PCI standards. You may store a credit card number if the credit card number is tokenized. You may also dance in the grey areas a little bit by storing an encoded* CVV temporarily at a database and then wiping it out when a transaction is completed. In this scenario you'll also have to have a process running that cleans away CVVs from abandoned transactions. If you are wondering how a wallet works without storing CVVs it is merely by not storing CVVs at all. You do not have to use a CVV in a transaction, but parties which take payments which do not require CVVs are apt to pay higher interchange rates and stick their necks out for more liability in general should a claim be disputed.
*or perhaps encrypted. Does it matter? If the number is encrypted one may quickly encrypt the numbers between 001 and 999 to find the match. How much does encrypting versus encoding matter in this scenario. I'm not sure of the standard here.
No comments:
Post a Comment