If you are a customer of a particular merchant, you may find that this makes the process smoother, allowing for faster future transactions, if you allow them to store your card information. That’s fine, but can a retailer store your credit card details without authorization?
When shopping online, you will likely receive a prompt from the site asking if you would like to save your card information to make shopping easier in the future. This is a way for the merchant to entice you into future purchases. You might even find that the website is set up in such a way that it is easier for you to complete your transaction when you save your card information.
Merchants also want to save your card information when you have recurring charges, for example. That way, they can automatically bill you every month without having to get your card information.
There are consumer privacy, data security, and identity theft laws that may require a merchant to obtain your permission to store your card information for such purposes.
In addition, there are various state laws dealing with credit card fraud, falling under financial transaction card fraud. This is why merchants will usually ask you for permission to store your card information. In Georgia, for example, a merchant cannot use your card without your permission or authorization.
Safety standards for traders
Considering these laws, there appears to be no incentive for a merchant to store your card information without authorization. In addition, there are deterrents to such activity, such as the security standards set by the Payment Card Industry Security Standards Council.
According to this organization, “Organizations that accept payment cards are supposed to protect cardholder data and prevent unauthorized use, whether the data is printed or stored locally, or transmitted over a public network to a remote server or to a service provider ”.
This association also states that “In general, no cardholder data should ever be stored unless it is necessary to meet business needs”.
In addition, the PCI SSC states that a merchant should limit the storage and retention of customer data to the time necessary for business or legal purposes. The standards allow merchants to store your account number, name, and card expiration date according to the guidelines above. However, the body disapproves of a merchant storing a card verification value (CVV) or a personal identification number (PIN).
Federal Trade Commission steps in
The Federal Trade Commission has also said traders shouldn’t be collecting information they don’t need. And the regulator says that when they collect card information, it is in their best interest to keep it only as long as there is a legitimate business need to do so. This means that even if a merchant needs your card information to process a transaction, they don’t need to keep it unless they anticipate future transactions.
And once a business decides it needs to store your card information, it needs to adequately protect it, even from employees who have no business with the information.
The bottom line
A merchant will usually ask for your permission before storing your card information to avoid breaking any laws. Online sites will likely want to store your information to facilitate future transactions. Merchants would also like to have this entry to enable recurring charges.
If there is no legitimate business need, industry data storage laws are strict and there is no incentive for a merchant to store your card information.
(Visit Bankrate online at bankrate.com.)
© 2021 Bankrate.com. Distributed by Tribune Content Agency, LLC.
Copyright 2021 Tribune Content Agency.