We've had many questions on why we don't offer the ability to store the credit card security codes (CVV/CVC) from MasterCard/Visa. Here is some information from both companies regarding their stance on storing this information.
Page 50:Do not store CVV2 data.
– For information security purposes, Visa U.S.A. Inc. Operating
Regulations prohibit e-commerce merchants from storing CVV2 data.
Page 5-2:188.8.131.52 Disclosure Restrictions for CVC 2 Data
Acquirers, merchants, and merchant service providers may not store CVC 2
data in any manner or for any purpose.
Assessments for failure to adhere to these CVC 2 data use and safeguarding
rules will apply. MasterCard may impose a noncompliance assessment of up
to USD 100,000 for each violation if the acquirer, or any of its merchants or
Member Service Providers (MSPs), fails to comply with these requirements
within 30 days of discovery or notice of noncompliance.