Stop asking me for Security Codes on paper invoices, part 2

I wrote about this topic before: see here:

The Card Security Code is located on the back of MasterCard, Visa and Discover credit or debit cards and is typically a separate group of 3 digits to the right of the signature strip.

Now the latest perpetrator is an organization that:

is the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. Recognized for Gold Standard certifications and world class education programs.

So when paying for my annual dues for a security certification: I see the following prompt for my “Security Code”



PCI 3.3.2:

“Do not store the card validation value or code (three-digit or four-digit number printed on the front or back of a payment card) used to verify card-not-present transactions”

More here on the Visa CVV2 fact sheet:

Q. Can merchants store my 3-digit code?
A. No. To ensure information security, all merchants are prohibited from storing the 3-digit code in any format whether on paper drafts, receipts or electronically.

From : Rules for Visa Merchants

Avoid CVV2 Storage. All merchants are prohibited from storing CVV2 data.
When asking a cardholder for CVV2, merchants must not document this
information on any kind of paper order form
or store it on any database.


Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now