Member
Posts: 1
Registered: ‎12-11-2013

Forced to store CC data in db, including CCV: Am I liable?

Hi,

I'm technically responsible for a web application used daily by several customers for online payments.

I inherited the codebase of the application and I discovered recently that all credit card information, including CCV, is stored in the db. The data are encrypted, but the overall security of the system is low.

I notified management of the issue and the risks, but I've been forced to stick with this solution.

Since I'm the "technical responsible" of the platform, I'd like to know if I could be liable for this situation in case of a security breach.

Thank you

Antoni

Contributor
Posts: 13
Registered: ‎06-05-2013

Re: Forced to store CC data in db, including CCV: Am I liable?

If I were in your shoes, I'd have two choices in my head.

1) Talk to someone in hopes of getting it resolved.

2) Leave.

Expert
Posts: 4,525
Registered: ‎03-08-2010

Re: Forced to store CC data in db, including CCV: Am I liable?

Document everything in writing.

Member
Posts: 10
Registered: ‎06-08-2021

Re: Forced to store CC data in db, including CCV: Am I liable?

You can use the getSubscription API now to get info of ultimate 20 transactions related to it here. The response will incorporate the errors reaction for failures.