Blog article
See all stories »

Guidelines for Merchants re writing down of Security Code?

The other week in a single day I completed 4 Charitable Donations forms where in 2 instances the paper form only asked for Cardnumber & Expiry Date, whilst in the other 2 instances they also asked for the Security Code to be written down.

In the latter instance, one of the forms was subsequently returned to me as it was incomplete. If that had been intercepted or discarded then there would be scope for mischief/fraud/identity theft? Is there any regulation that says they should not be doing this?

I'm fully aware of the PCI rules regarding storage of such data, this issue is to do with simply recording it on paper and entrusting it to the Royal Mail. 

I polled a rival PCI Industry forum 2 weeks ago, and I've received no responses. 

Perhaps its no wonder that Merchants don't know what to do, if the members of such PCI groups haven't seen fit to inundate me with responses? But if some Merchants can process the transaction without Security Code, why should others have to ask for it - we're talking about sums less than £50.

So I thought I'd ask the same question of the esteemed Finextra community - don't let me down!


Comments: (0)

Keith Appleyard

Keith Appleyard

IT Consultant

available for hire

Member since

17 Aug 2007



Blog posts




This post is from a series of posts in the group:


A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.

See all

Now hiring