Does your system store CVV2 data? You wish to know if the system stores the last three digits on the back of a credit card (CVV2 data). You wish to process transactions and your merchant provider is requesting this information.
It is never acceptable for acquirers, merchants, or service providers to retain CVV2 data subsequent to transaction authorization. CVV2 data consists of the last three digits printed on the signature panel of all major credit cards. The Visa Operating Regulations prohibit such storage, whether encrypted or unencrypted. We must maintain compliance with these standards, and as such, we cannot (without exception) store this value.
If you are doing manual credit card processing (or after event processing), your merchant account may allow you to process 'card not present' transactions. These may not require the CVV2 data. Please contact your merchant provider directly (ie Authorize.net) and ask them about processing without CVV2 data.
You may also wish to consider DoJiggy Payments or one of our other supported payment processors - we capture CVV2 data only in conjunction with these services. This is because the information is passed directly to the payment processor and never stored.
For more information, see: