The credit card processor we use only goes up for 6 years, so if you tried to buy something from us, we'd be totally unable to run your card. >_<

^-.-^

When one of my credit cards was jacked by a sociopath neighbor, all she had was a statement stolen from the mail. That doesn't have the CVV or expiration date on it...she probably tried it online first, then called in with some story why she didn't have that info (or just pulled some numbers out of her ass and for some reason the system accepted it).

.... *blink* ummm, all places require the expiration date. wth?

...she's stolen it, pure & simple.

Regarding keeping CC numbers in the system (and this is one of those "from what I was told/instructed" posts. YMMV):

In the US, at least, policies which were most recently modified last summer place some rather severe restrictions on what CC data businesses may and may not keep, even going so far as to require a "network audit" to make it harder for the info to be accessed by outside parties (businesses may elect to do their own audits rather than paying an outside firm, if they wish -- I did ours. We didn't even come close. Boss didn't care. Glad I'm not there anymore >_>). It covers things like network setup, passwords in particular, what portion of a CC number may be shown to what type of user, etc.

e.g.: While a business does not HAVE to retain CC info once the sale has been processed through the merchant service (I think), some do and some don't. If they do, most users are allowed to see only the last 4 digits once the card# has been entered. Long story short, nobody short of Da Boss should even have unrestricted access to CC info, and even then, he is supposed to have a good reason (if he's literally the only one with access "just so there is one-and-only-one person with full access", that counts).

Oh yeah, one teensy tiny little thing: If anyone works for a business that retains records of the CCV/CSV codes (the numbers on the back)...PLEASE ask them to stop doing so, and delete that information. That's been a MAJOR no-no for years; however, it doesn't always stop shops from maintaining a record of that data (the only legit reason to keep it is so you don't have to keep asking for it; Merchant Rates often go down if you have that info handy). Fortunately, this would apply mainly to offices that enter CC info by hand, rather than using a MCR/card swiper thingy.

wiki article here, provided mainly as a source for other links to check out: http://en.wikipedia.org/wiki/Payment...urity_Standard

She may have it written down somewhere, like in her phone book.

My mom does this so in case she doesn't have her card within arm's reach, she can get her book and use that to pay bills.

But then she also has the expiration date AND the 3 digit security code on the back written down as well.

She has my card number written down as well . . . just in case.

Better safe than sorry . . .

Yeah, we actually use a DOS-based system for phone order entry because it's fast and very stable, but as such, it doesn't have dropdowns. Also, as soon as we enter a CC number and expiration date and hit Enter to save it, asterisks replace all but the last 4 numbers on the card. Finally, though our website does require the CVV, our phone order system does not. So I didn't even need that from her, just the expiration date.

It's all about security, people...yes, it's convenient for you to be able to save your CC information when shopping online or over the phone, but if the system is compromised, say hello to identity theft. And I am SURE she would be calling us to complain about how we allowed her CC info to get into the hacker's hands.