Talk

Advanced search

Mumsnet has not checked the qualifications of anyone posting here. If you have any legal concerns we suggest you consult a solicitor.

Can a company write my card details on a scrap of paper?

(5 Posts)
mrmump Fri 19-Oct-12 18:40:01

Just discovered that an insurance company has written my card details on a piece of paper to be input later, so basically my information is laying about on his desk. I can't find anything on the data protection site. Can they legally do this?

izzyizin Sat 20-Oct-12 01:46:54

How did you come to discover this? Were you in the process of paying the insurance company over the phone and, after you'd given your card details, told that there was a problem which meant your card info would be input at a later time?

zinaida Sat 20-Oct-12 02:18:03

Marking my place as I used to do this at my place of work and need to know if its illegal! Oh dear.

dilbertina Sat 20-Oct-12 10:42:11

I would have thought it is fine legally, although they would have a responsibility to take reasonable steps to protect your details. If you suffered a loss because of negligence on their part you may have a claim against them. Do the general public access this office?

Small companies up and down country who take telephone orders will indeed be scribbling details on bits of paper...and plenty of larger ones.

IDontDoIroning Sat 20-Oct-12 10:58:34

Ok long explanation sorry but they are definately in the wrong.

There is a set of guidelines called the "Payment Card Indusrty Directive on Security Standards" or PCIDSS. All organisations that take credit or debit cards MUST comply with them or face very large fines from their card acquiring banks.
There are I believe several levels of security depending on the value and number of transactions so that your corner shop will have less requirements than say Marks and Spencer's. Also there are specific additional requirements for companies that input card info into computers.

The basic requirements for all companies is that they have to keep card information secure. Ie no writing down of card numbers and other details. Card holder not present sales ie phone calls can only be processed while you are actually on the phone writing them down and inputting later is totally wrong.

So the bottom line is that they are in the wrong. Get in contact and ask about their PCI DSS compliance policy.

Hopefully that will give them a wake up call.

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now