developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a question

Forced to store CC data in db, including CCV: Am I liable?

Hi,

I'm technically esponsible for a web application used daily by several customers for online payments.

I inherited the codebase of the application and I discovered recently that all credit cards information included CCV are stored in the db. The data are encrypted, but the overall security of the system is low.

 

I notified the issue and the risks to management but I've been forced to stick with this solution.

 

Since I'm the "technical responsible" of the platform, I'd like to know if I could be liable for this situation in case of a security breach.

 

Thank you

Antoni

amorenofu
Member

โ€Ž12-11-2013 02:44 AM

0 Kudos
2 REPLIES 2

If I was in your shoes, I'd have two choices in my head.

 

1) Talk to someone in hopes to get it resolved.

2) Leave.

iBotPeaches
Contributor

โ€Ž12-11-2013 04:02 PM

0 Kudos

document everything in writing.

RaynorC1emen7
Expert
In response to iBotPeaches

โ€Ž12-11-2013 04:35 PM

0 Kudos
Related Topics
Copyright © 2024 Khoros, LLC