The thing about my credit card: it has the credit card number and the CCV on the same side.
Is that legally even allowed?
Storing the CVV field after authorization (in any format, encrypted or not) is not permitted under the Payment Card Industry Data Security Standard.
Sensitive authentication data must never be stored after authorization – even if this data is encrypted.
[…]
• Never store the card-validation code or value (three- or four-digit number printed on the front or back of a payment card used to validate card-not-present transactions).
See this fact sheet.
Additionally, scanning the card seems to me to raise other concerns about the physical security of the computers on which the images are stored, and the technical security in effect on that computer, and the vetting and training of staff who are authorized to access the computer; but it is perhaps possible the merchant is compliant with the PCI-DSS in this respect.
A merchant who violates the PCI-DSS may be fined by the acquirer or lose their access to the card network, depending on their merchant agreement.
In some places and in some US states, compliance with the PCI-DSS is legally required. But I do not think it is required in New York. Other local law may impose similar provisions to the PCI-DSS though.
In your shoes, I would complain to my credit card issuer, on the basis that the issuer is doing business with an unreputable merchant and I was disappointed that the high reputation of the card network has been tarnished by its association with this merchant.
A lot of the time, hotels take a card and swipe/scan it for incidentals such as the minibar, room service, laundry, etc. However, I haven’t had this happen to me at a hostel before. I’m sure it’s just the same kind of situation and the hostel is more of a higher end version of what I have experienced before. I wouldn’t worry, but if you are, just keep an eye on your statements and report anything suspicious to your bank. With the security number on the front it sounds like an Amex to me, and they are extremely stringent with fraudulent activity.
Credit: stackoverflow.com
4 Mar, 2024