New Store Credit Card Info Feature!

In 2.0.9 there is a feature in customer’s profiles that allows them to store their credit card data including the expiry date and CVV number. Does anyone know how to disable this feature? I don’t know what on earth CSC was thinking as anyone who is caught with stored CVV data risks having their merchant account pulled and/or huge fines if this data were ever comprised.

PCI DSS Requirement:

3.2.2 Do not store the cardverification

code or value (threedigit

or four-digit number printed on

the front or back of a payment

card) used to verify card-notpresent


I agree with you.

Though I am not entire sure on what the exact specifications are concerning capturing cc info with orders etc.

But the lack of an option to turn off/disable storing of cc info is a huge mistake.

Imagine store owners using paypal as their only payment method, and do not even have SSL installed in their store, but their customers (not knowing any better) decided to store their CC info on that store in their profile, just because there is an option to do so.


I’d like to disable this functionality. I don’t want any CVVs stored on my servers.