Which card data online merchant can store and what can he do with it?
I see that to perform on-line transaction with credit (or debit) card you usually need 3 pieces of information
Card number
Expiration date
Security code
Some merchants offer option to store payment method for later use. What is stored then as usual practice and what merchant can do with this data without card holder supplying the rest?
The source of this question is my observation that if I save my debit card transaction as a payment method the subsequent uses are not authorized by my bank. I expect that
They are not saving everything
They expect the information saved do be enough for bank to authorize transaction
They are expecting it to be enough because they are not asking me to supply the rest
My guess is that it may be difference between credit and debit card handling.
This is rewrite of question to get better answers so the comments may refer to original form of the question.
(1)1 Comments
Sorted by latest first Latest Oldest Best
From a security perspective, once you give that information to a merchant, they can do whatever they like with it, including leak it to malicious actors.
Typically, a reputable, security-conscious merchant will not store the actual card data. The merchant provides card data to their payment processor, who returns a token. The token is then used for subsequent transactions but doesn't contain the credit card number or other data.
Example reading: community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Tokenization-101-with-CIM-and-CRE-Secure/ba-p/22911
Terms of Use Privacy policy Contact About Cancellation policy © freshhoot.com2025 All Rights reserved.