[TriLUG] Time Warner/spectrum & credit cards

Mauricio Tavares via TriLUG trilug at trilug.org
Fri Apr 14 10:58:44 EDT 2017 

On Thu, Apr 13, 2017 at 6:25 PM, Wes Garrison <wes at xitechusa.com> wrote:
> You mean they store the stripe data?
>
> ...or just the card number?
>
      Counter guy did not slide the card into a reader. The amount of
times he punched into the keypad told me he did not entered a full
card number, much less the other data. Until they let me see him
entering the data, I must assume he entered enough info to lookup the
card.

> It doesn't violate PCI to store the card number, but you certainly can't
> store the CSC or the stripe data.
>
> If I get a chargeback (dispute), I have to be able to look up which card was
> used in the transaction.
>
      Having cardowner's name, the last 4 digits, and the transaction
number should be enough to query your records or those of you payment
processor's if you have settled already and have to do a
return/refund. You should not hold the card info but you can enter the
transaction number, slide a card, and initiate the refund transaction.
I do not remember if the payment processor holds the card info, but I
would rather have them and the issuing bank worry about that . If I
were the merchant, doing end-to-end encryption and just geting
approval codes instead of having to pay $11K to a PCI auditor to show
that I am storing card info in secure and encrypted servers (moving
targets).

> God knows they don't give you any other data.  Just transaction date and
> amount.
>
      Who does not give you any other data?

> _________________________________
> Wesley S. Garrison
> Network Engineer
> Xitech Communications, Inc.
> phone:  (919) 260-0803
> fax:       (919) 932-5051
> __________________________________
> "Lead us not into temptation, but deliver us from email."
>
> On Thu, Apr 13, 2017 at 6:15 PM, Mauricio Tavares via TriLUG
> <trilug at trilug.org> wrote:
>>
>> So I just came from paying my cable modem bill at one of the tw locations.
>> And I found out they store the credit card you used at the counter without
>> asking. That is a no-no by PCI standards.
>> --
>> This message was sent to: Wes <wes at xitechusa.com>
>> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
>> address.
>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>> Unsubscribe or edit options on the web  :
>> http://www.trilug.org/mailman/options/trilug/wes%40xitechusa.com
>> Welcome to TriLUG: http://trilug.org/welcome
>
>

More information about the TriLUG mailing list