Slashdot Mirror


Card Processing Software May Store CC Info

An anonymous reader writes "Visa has sent out a warning to customers stating that some card processing software may keep customer data even after a transaction is complete. The setup, two versions of software made by Fujitsu Transaction Solutions, is used by such companies as Best Buy, OfficeMax, and Staples. It's unknown if any of these large retailers use the poorly-made versions of the software." From the article: "Visa's warning, which was first reported by The Wall Street Journal on Friday, has raised eyebrows in the financial and retail sectors. The software was flagged at a time when thousands of debit-card holders across the country have reported unauthorized withdrawals from their accounts. Bank of America, Washington Mutual and Citibank are among the financial institutions that have replaced more than 200,000 debit cards in the past two months ..."

4 of 177 comments

  1. This is why cash won't die... by chivo243 · · Score: 4, Insightful

    not in the next 50 years... Until there is a "PERFECT" system in place for financial transactions, plus, too many remote "poor" areas that can't afford the other gizmos required for electronic payment. Long live cold hard cash.

    --
    Sig Hansen?
  2. Re:HomeDepot in Canada by EnglishSteve · · Score: 3, Insightful

    I hate to tell you this, but the store has saved your credit card information almost EVERY TIME you have ever used a credit card in a retail store in recent years. The reason? They HAVE to, otherwise they would never get paid.

    What happens is this: at the end of the day, the store (often from the store, but sometimes it's done from the corporate office) and the credit provider perform a process called Settlement, where they compare a log of the credit card transactions for the day. The retailer does not get paid for the credit card sales until the transactions are reconciled.

    If the retailer and the credit provider are smart, the data is held and transmitted using encryption, but I know for a fact that this is not always so - I write Point Of Sale/credit authorization systems for a living.

  3. Re:What is needed is the financial version of HIPP by TykeClone · · Score: 4, Insightful
    What is needed is a law that forces companies dealing with bank and financial details (banks, credit card companies, card processors, insurance companies, finance companies, ATM providers, EFTPOS/credit card processing machine providers and so on) to take greater efforts to keep it secure, much like HIPAA mandates high security for medical records.

    Banks already have that - it's the Gramm-Leach-Bliley Act and purportedly is meant to protect customer financial privacy.

    I think that the gist of the article, though, is that the merchants are not under the same regulatory burden - and that is where the weak link in the chain is at the moment.

    --
    A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
  4. Re:HomeDepot in Canada by fermion · · Score: 3, Insightful
    My question is what information does the store have to save in order to do a refund. If the system was well done, it would just be a CC number with the original transaction number to confirm. Such a system makes a lot of sense as it ensures that the credit is applied to the same card and limits the number of persons handling the card. Furthermore, it makes some sense for an operation to store the CC number along with the transaction in case the customer later protests the charge. Given the current practice of asking other questions to confirm the purchase, it is not such a big deal. For most retail outlets, a person must have a valid card with valid magnetic strip to make a purchase. These cards are not impossible to fabricate, but it is an additional hurdle.

    The problem, as I see it, is vendors that store all customer information, in a single logical location, long term. For instance, after a purchase is validated, which online takes 30 seconds, my address and CVVC should be delinked from my cc number. Keep the CC number in a transaction log, but get rid of the CVC and only keep the address in a ship log. I know this is not going to happen, as it is complicated, but it should help protect us. I am with you though. We need laws that make bad practice a liability on the vendors, banks, and device providers that utilize it.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
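
The separation described in the comment above (card number kept in a transaction log, address kept only in a ship log, CVC discarded, refunds confirmed by card number plus original transaction number), sketched as an added example that is not part of the original thread or of any vendor's software. All field names, function names and the sample order are assumptions constructed for illustration; encryption of the stored card number is left out.

```python
import secrets
from hmac import compare_digest

# Constructed sample order as it exists at authorization time (test card number).
ORDER = {"txn_id": "T-1001", "pan": "4111111111111111", "cvc": "123",
         "amount_cents": 4599, "address": "1 Example St, Springfield",
         "items": ["drill"]}

def split_after_authorization(order):
    """Return (txn_entry, ship_entry); the CVC is copied into neither."""
    txn_entry = {"txn_id": order["txn_id"], "pan": order["pan"],
                 "amount_cents": order["amount_cents"]}
    # The ship log gets its own random id, so it cannot be joined to the card.
    ship_entry = {"ship_id": secrets.token_hex(8), "address": order["address"],
                  "items": list(order["items"])}
    return txn_entry, ship_entry

def audit(record):
    """List the ways a stored record breaks the separation."""
    problems = []
    if "cvc" in record:
        problems.append("cvc retained")
    if "pan" in record and "address" in record:
        problems.append("card number linked to address")
    return problems

def refund_allowed(txn_log, txn_id, presented_pan):
    """Refund only to the card that made the original transaction."""
    for entry in txn_log:
        if entry["txn_id"] == txn_id:
            return compare_digest(entry["pan"], presented_pan)
    return False

if __name__ == "__main__":
    txn, ship = split_after_authorization(ORDER)
    print(audit(ORDER), audit(txn), audit(ship))
    print(refund_allowed([txn], "T-1001", ORDER["pan"]))
```

Running `audit` over every record a system persists after authorization is a quick way to spot the "single logical location" storage the comment objects to.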