Maintaining Cardholder Security

You are already using one of the industry’s most advanced payment gateway and fraud protection tools. PayTrace is always working to improve data security, protecting cardholders and merchants from fraudulent transactions.

Each year, we conduct rigorous audits related to the security of cardholder data. During a recent internal audit, we discovered that a few merchants were storing non-compliant data in the discretionary data fields. Essentially, some merchants were saving the CVV, or CVC verification codes in a customer notes field. This is not in compliance with security standards. Version 3.2 of the Payment Card Industry Data Security Standards (PCI-DSS), does not permit storing a card verification code or value (three-digit or four-digit number printed on the front or back of a payment card used to verify card-not-present transactions) after authorization.

To maintain PCI compliance and to protect merchants and customers, PayTrace will continue to audit discretionary fields on a regular basis and automatically delete all non-compliant data.

This will not affect authorization, settlement, or transactions in any way, it will delete any sensitive and non-compliant data that merchants may have mistakenly entered. Merchants should note that if non-compliant data is entered in the same field with other, compliant data all data in the field will be deleted (not just the non-compliant data).

We know you count on us to provide secure and reliable uptime, authorization, settlement and reporting. Thank you again for using PayTrace.