Active discussions

Meet the Other Phone. Only the apps you allow.

Meet the Other Phone.
Only the apps you allow.

Buy now

Please or to access all these features

Talk
Legal matters

Mumsnet has not checked the qualifications of anyone posting here. If you have any legal concerns we suggest you consult a solicitor.

Original poster

Can a company write my card details on a scrap of paper?

4 replies

mrmump · 19/10/2012 18:40

Just discovered that an insurance company has written my card details on a piece of paper to be input later, so basically my information is laying about on his desk. I can't find anything on the data protection site. Can they legally do this?

OP posts:
izzyizin · 20/10/2012 01:46

How did you come to discover this? Were you in the process of paying the insurance company over the phone and, after you'd given your card details, told that there was a problem which meant your card info would be input at a later time?

zinaida · 20/10/2012 02:18

Marking my place as I used to do this at my place of work and need to know if its illegal! Oh dear.

dilbertina · 20/10/2012 10:42

I would have thought it is fine legally, although they would have a responsibility to take reasonable steps to protect your details. If you suffered a loss because of negligence on their part you may have a claim against them. Do the general public access this office?

Small companies up and down country who take telephone orders will indeed be scribbling details on bits of paper...and plenty of larger ones.

IDontDoIroning · 20/10/2012 10:58

Ok long explanation sorry but they are definately in the wrong.

There is a set of guidelines called the "Payment Card Indusrty Directive on Security Standards" or PCIDSS. All organisations that take credit or debit cards MUST comply with them or face very large fines from their card acquiring banks.
There are I believe several levels of security depending on the value and number of transactions so that your corner shop will have less requirements than say Marks and Spencer's. Also there are specific additional requirements for companies that input card info into computers.

The basic requirements for all companies is that they have to keep card information secure. Ie no writing down of card numbers and other details. Card holder not present sales ie phone calls can only be processed while you are actually on the phone writing them down and inputting later is totally wrong.

So the bottom line is that they are in the wrong. Get in contact and ask about their PCI DSS compliance policy.

Hopefully that will give them a wake up call.

New posts on this thread. Refresh page