Question

Why does DigitalOcean request CVV of my credit card?

  • Posted April 4, 2014

I didn’t notice that until I heard a local E-commerce company save customers’ CVV in plain text (together with all other info of the card), and a system leak made it quite easy for hackers to steal them.

I like DO’s service very much, but this raise some safety concern, why does DO request CVV, but other companies like Amazon or Linode don’t?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

We do not store your CVV code – CC processing is handled by Braintree Payment Solutions which is PCI-DSS compliant. See <a href=“https://www.digitalocean.com/security/”>our security page</a>.

Actually, merchants are not allowed to store CVV code. <br> <br>https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf (look at the table on the last page). <br> <br>Traditionally, the CVV is used to process a single transaction. That transaction is then referenced moving forward for processing any recurring transactions. <br> <br>

Hmm … you’re right, Linode also ask for that. <br> <br>I googled a bit, looks like the cost of merchants are different when submitting transactions with or without CVV. <br> <br>I don’t know how dangerous it is but saving CVV sounds like a bad idea since it defeats the proof of the owner’s physical possession. <br> <br>

Linode does request your CVV, if your card requires it. Don’t believe me? http://files.md-5.net/s/E0SF.png <br> <br>You can be assured that your CVV is stored just as securely as the number itself.