PCI Compliance - Storing CC CV2 - Non SSL
I have come across a company that does a lot of business and doesn't have any PCI compliance.
They store the credit card full details, address AND CV2 in plain text in their database.
Their external website doesn't even have an SSL!!!
I know they have a copy of my card details and my father's too. Does anyone know how I would go about reporting this to the correct people? It's based in the UK. I think they bank with Barclays too.
What cards do they accept? You can directly notify credit card companies (Visa, MasterCard, etc.) whose cards they accept.
Cool, I shall do that. I ordered with them over the phone but I now know someone who works for them and they told me about the CV2 numbers in general conversation about their sites and in-office system.