Also, are there any definite guidlines/rules on this anywhere online I can send my client to? I cant seem to find anything that clearly states "you need to delete cvv numbers after processing" or "you must not store cc details unencrypted". That sort of thing. The websites I have found are quite vague and the ones I have found that state this are forums and just people saying it with no legal link from the cc companies to back it up.
So for example this site does not state either of the above:-
https://www.pcisecuritystandards.org/tech/index.htm
It states "Protect stored cardholder data" which I find a bit vague. Nothing about deleting cvv numers after processing.
Thanks
Bookmarks