The first widely publicized mass theft of CC information was at CD Universe in 1997. No lesson was learned: to this day, many sites retain your CC info: number, billing address, etc. The reason, as far as I can tell, is as a *convenience* to the customer, saving them the onerous chore of re-entering that information when they make their next purchase.
The only site I've run across that offers CC data retention as an option is Alibris. (Or maybe it's ABEBooks; one of the two at any rate.)
The rest seem to be captive to the Microsoft-meme "hold still, we're going to do you a favor you didn't ask for." [This meme is at the root of a lot of the stupidities in MS Windows.]
Isn't it time for Visa, Mastercard and their ilk to flatly forbid merchants to retain this information, no exceptions allowed? If merchants have to retain *something* in case a transaction must be reversed, they can put the CC number through a one-way hash function and use that to validate it when re-input.
Register
CC info retention
The first widely publicized mass theft of CC information was at CD Universe in 1997. No lesson was learned: to this day, many sites retain your CC info: number, billing address, etc. The reason, as far as I can tell, is as a *convenience* to the customer, saving them the onerous chore of re-entering that information when they make their next purchase.
The only site I've run across that offers CC data retention as an option is Alibris. (Or maybe it's ABEBooks; one of the two at any rate.)
The rest seem to be captive to the Microsoft-meme "hold still, we're going to do you a favor you didn't ask for." [This meme is at the root of a lot of the stupidities in MS Windows.]
Isn't it time for Visa, Mastercard and their ilk to flatly forbid merchants to retain this information, no exceptions allowed? If merchants have to retain *something* in case a transaction must be reversed, they can put the CC number through a one-way hash function and use that to validate it when re-input.