We have had several salons ask about storage of the CVV code within SalonTouch.  The simple answer is that SalonTouch provides no location for storage of the CVV codes in the software.

The CVV code is a way to ensure that the card is in physical passion of the person giving a card number when the card is not present.  The code can be called many different names by different card issuers such as CID, CVC, CVC2, or CVV2.  American Express codes are on the front of the card and have 4 digits.

Some processing companies require it for keyed or over-the-phone transactions as verification that the person keying the transaction has physical possession of the card.  When this occurs the site or person should never store the CVV code in any fashion to remain PCI-DSS compliant.

This number is considered Sensitive Authentication Data (SAD) and is never stored any processing company that is operating in accordance with PCI-DSS (Payment Card Industry Digital Security Standard). It is only too be used for the initial authorization, but it is NOT stored permanently on ANY system.  The use of the code during the initial authorization helps ensure that the person authorizing the charge has had physical possession of the card.  Subsequent charges are always sent through without this information.

The use of the CVV code is not required to process a transaction.  It is there to help reduce fraud and reduce costs.  As the PCI-DSS standards require that the code is never stored in any fashion, (written, images, plain text, or encrypted digital formats).  The code is not stored on the magnetic strip or the chip.  If the person has the CVV code, this means that they had possession of the card at some point.

If your salon is CVV storing the code in any form either written, electronically, photo copies, or even pictures; you are not PCI-DSS compliant and may be liable for fraudulent charges resulting from that.  Information on CVV storage can be found on the PCI Security Standards Council’s website at: https://blog.pcisecuritystandards.org/faq-can-cvc-be-stored-for-card-on-file-or-recurring-transactions