Quote from JNAPIER   on 04/10/06 at 13:51:42:

From http://usa.visa.com/business/accepting_visa/ops_risk_management/card_not_present .html?it=search#anchor_4
 
To protect CVV2 data from being compromised, Visa U.S.A. Inc. Operating Regulations prohibit merchants from keeping or storing CVV2 numbers once a transaction has been completed.
 
I'm just trying to find a good methiod of complying with it. The only thing I can think of is to use something like IC Verify and do a pre-auth on every sale - get the CVV2 from the customer when they order and enter it directly into IC Verify for that transaction. There are two major hangups for us on that idea. One is the time factor - we often have orders that won't ship for several weeks after we take the order. Doesn't the pre-auth expire in a few days? Also, we need to know that the customer pays by credit card so that we can get the CVV2. We don't currently enter orders directly into DBA, so we'd either have to start (which would be a huge problem for us to overcome, procedure wise) or we have to call each customer back who uses a CC. The fact that I can't think of any reasonable way to do it has prevented me from attempting it.