CVV codes without autocomplete attribute
Whenever I submit a form with CVV codes, I wonder whether the company is storing CVV codes.
I went to MyDomain.com to update my CC and their form has a CVV code that doesn't have the autocomplete='off' attribute so my browser remembers the CVV number. I opened a ticket to let them know.
MyDomain.com: "CVV number is your additional protection to ensure that your Credit Card information is not being used fraudulently." I replied - that is my point.
MyDomain.com: "If you still feel CVV number is in the account seen please get back with screenshot of the page." I replied - No, then you'd have my CVV code, which is supposed to be private. (Their ticketing system doesn't allow screenshots either.)
MyDomain.com: "Yes, the CVV number is not visible for the customers due to Security reason." I replied - It's not PCI DSS compliant to store CVV codes, it may even be illegal.
MyDomain.com's legal response: "I wanted to personally take an opportunity and confirm that we do "not" store CVV information, nor do we store the entire 16 digits of a credit card." I replied - How do you charge my card without the number?
MyDomain.com's legal response: "At this time we have no immediate plans on making specific changes to our billing submission forms as you have requested"
It makes me uncomfortable using a company that doesn't understand the internet to hold all of my domains. If you have suggestions of other domain registrars please comment. I am thinking of migrating.
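The check described in this post (a CVV field with no autocomplete='off') can be automated against a saved copy of a billing page. The script below is an added example, not code from the post or from MyDomain.com; the field-name heuristic and the sample form are constructed assumptions.

```python
from html.parser import HTMLParser
import re

# Heuristic (assumed): name/id fragments that suggest a card security code field.
CVV_HINT = re.compile(r"cvv|cvc|csc|security.?code", re.I)

class CvvAutocompleteAudit(HTMLParser):
    """Collect CVV-like <input> fields whose value the browser may remember."""

    def __init__(self):
        super().__init__()
        self.form_autocomplete = None  # value set on the enclosing <form>, if any
        self.findings = []             # (field name or id, reason) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            v = a.get("autocomplete")
            self.form_autocomplete = v.strip().lower() if v else None
        elif tag == "input":
            label = a.get("name") or a.get("id") or ""
            kind = (a.get("type") or "text").lower()
            if kind in ("hidden", "submit", "button") or not CVV_HINT.search(label):
                return
            # A field-level attribute overrides the form-level setting.
            if "autocomplete" in a:
                effective = (a["autocomplete"] or "").strip().lower()
            else:
                effective = self.form_autocomplete
            if effective != "off":
                reason = ("no autocomplete attribute" if effective is None
                          else f"autocomplete={effective!r}")
                self.findings.append((label, reason))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = None

def audit(html):
    """Return the CVV-like fields in `html` that do not opt out of autocomplete."""
    parser = CvvAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup, not taken from any real site.
SAMPLE_FORM = """
<form action="/billing/update" method="post">
  <input type="text" name="card_number" autocomplete="off">
  <input type="text" name="cvv">
  <input type="hidden" name="csrf_token" value="x">
</form>
<form action="/billing/other" method="post" autocomplete="off">
  <input type="password" name="cardSecurityCode">
  <input type="text" id="cvc2" autocomplete="on">
</form>
"""

if __name__ == "__main__":
    for field, reason in audit(SAMPLE_FORM):
        print(f"{field}: {reason}")
```
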