Forced to store CC data in db, including CCV: Am I liable?

Hi,

I'm technically responsible for a web application used daily by several customers for online payments.

I inherited the codebase of the application and I discovered recently that all credit card information, including CCV, is stored in the db. The data are encrypted, but the overall security of the system is low.

 

I notified management of the issue and the risks, but I've been forced to stick with this solution.

 

Since I'm the "technical responsible" of the platform, I'd like to know if I could be liable for this situation in case of a security breach.

 

Thank you

Antoni

amorenofu
Member
2 REPLIES

If I was in your shoes, I'd have two choices in my head.

 

1) Talk to someone in hopes to get it resolved.

2) Leave.

iBotPeaches
Contributor

Document everything in writing.