Originally posted by: QED
<div class="FTQUOTE"><begin quote>Originally posted by: Baloo
<div class="FTQUOTE"><begin quote>Originally posted by: QED
Why would you be concerned about an employee stealing a card number off of the merchant copy of the receipt, but NOT be concerned when you hand that same employee your actual credit card (16-digit numbers and all)?
And for those that have asked, the store NEEDS to keep your card number in some shape or form until they settle with their merchant provider. Ideally, it should be encrypted in some database and not printed on a hard copy... but they do need to keep it for a short while at a minimum.</end quote></div>
You are not getting the point. The store needs the info is true, but the employees at the register do not need it, and should not have access to receipts with full CC numbers on them. What you don't understand, is that many fraudulant CC charges are done by people who get the CC numbers from those receipts.</end quote></div>
No, I get it. My current contract involves implementing new procedures and standards to allow my client's (a Fortune 100 company) POS and credit-card processing software to meet PCI requirements.
The problem is not that the card number is printed on the merchant's copy of the receipt, per se. The problem is, what does the merchant do to restrict access to those receipts? If they are simply left in a box behind the counter for anyone to take, that is a clear violation of the PCI requirements. Even storage at a register with no access restrictions is a PCI violation.