Forums

Forums -> Payment Issues -> Does DynaDot keep CC, PayPal, or bank numbers on customers?
patampulla posted:
0
I guess the title says it all.

After a credit card/Pay Pal/check transaction has gone through, does DynaDot keep any of the confidential and personal numbers that could allow someone access to customer monies?

With the Government, insurance companies, hospitals and banks all having problems with customer data leaking, it would be comforting to be assured that DynaDot isn't keeping keeping credit card, Pay Pal, or check data around after payment's been received.

Given the passwords, secret question, and customer phone numbers I can't think of any good reason why DynaDot would want to to keep the financial access numbers (if it ain't there it simply can't go astray), but I just wanted to be sure.

Thanks,

Pat Ampulla
ReplyQuote10/12/2006 13:09
teamdynadot posted:
Your question is answered in our Privacy Policy (http://www.dynadot.com/privacy_policy.html) under the "What information is collected?" section.  Here is the paragraph that addresses your question:

"If you are placing an order, the Service collects your credit card number and/or other billing information. This information is used only to collect payment for services rendered. If you are placing an order or logging in to your customer account, the Service may log your IP address as a security measure. If you purchase digital (SSL) certificate services, the Service also collects information about your subject domain name registration."
ReplyQuote10/12/2006 15:25
patampulla posted:
I saw the "Information is used only to collect payment for services rendered." statment and it's reassuring -- up to a point.

My question is what happens to the information after it has been "used?"  Is the credit card, Pay Pal or bank information "kept" in a database or promptly disposed of without leaving a trace?

The reason I asked is that when I made a second small domain transfer into Dynadot, the payment screen revealed the first four and last four digits of my credit card and asked me to confirm what amounted to only the remaining 8 digits.  This gave me pause and gave rise to my question.

Any chance Dynadot will offer the customer the option to save or not save these financial specifics?

My concern is that somehow, through no fault of Dynadot, the information might get lose.  Bad things happen to good people, so if the information is not "kept" after it has been "used" there would be no chance of an information leak.

Paranoid minds want to know<g>

Pat Ampulla
ReplyQuote10/12/2006 18:05
teamdynadot posted:
I see your point.  I will ask my manager for details and will answer your questions when I have answers.
ReplyQuote10/13/2006 11:58
patampulla posted:
Thanks, I'll check back later to see what you found out.

Undoubtably this is a double edged sword -- some customers are asking for financial information to be kept for auto renewal, and some (like me) are concerned about the upsurge in identity theft.

The best solution I recall seeing is a site that gave you the option to "keep financial records for convenient shopping" with the alternative presumably being disposal of the information once the transaction is completed (wanna bet that the necessary disposal software is a nightmare to write?).

Alternatively, folks like me with security concerns might be able to harness DynaDot's novel option to in effect keep a credit balance by depositing a sum to draw against.  If no bank information is kept once the instrument clears, this approach would assuage security concerns like mine.

The reserve could also be a boon for those of us in a corporate environment where small procurements are a PITA. But the only paper instruments DynaDot accepts are certified checks and money orders.  Those instruments are rarely issued by accounting departments.  I imagine this policy is directed at international transactions where clearing can be both costly and uncertain. However, it would be attractive if DynaDot could accept domestic checks (perhaps with a three day wait until the check clears) for establishing or refreshing the reserve.

Sorry about running on so...

Pat Ampulla
ReplyQuote10/17/2006 04:44
teamdynadot posted:
Thank you for your email regarding the storage of credit card data. We have noticed that identity theft is becoming an increasing concern for our customers.

We do store credit card information in our database. That is why returning customers are able to pay by credit card just by re-entering their credit card number. I believe most online stores do something similar.

We do take considerable measures to prevent hacking of our website. We run a secure, frequently updated operating system. Our site is programmed in an interpreted language that minimizes the risk of buffer overflow exploits. We have a extremely restrictive firewall. We run SSL for the account and order area. And we never print out your full credit card number anywhere in our site, to prevent browser caching of sensitive information.

Your idea of having an option to delete the credit card information immediately ofter processing is a good one. However, we are required by the credit card companies to keep a record of all transactions in case of customer disputes. So even though the credit card info would be erased from the account area, it would still exist in our processing logs. It is a tough problem for us to make everyone happy.

Probably the best option for those concerned about credit card theft is to use Paypal or Moneybookers. That way your credit card is only at one place, instead of at lots of online stores all over the web.

Another option is to use money orders or cashier's checks. I will add a feature request that we accept regular checks. We would have to wait for the checks to clear however. But I think it is an excellent idea.
ReplyQuote10/18/2006 14:19
patampulla posted:
Hmm.  I didn't know the CC folks required you to hang on to the CC information for more than 60 days.

The idea of paranoids like me keeping a small cash reserve with DynaDot seems fair enough -- particularly if checks drawn on domestic banks can be used.  That way there's no financial information about us paranoids to get lost and more carefree folks who want the convenience of a CC card on file can still do that.

But I've already used a CC to set up my account.  Can the financial information be expunged after say 90 days or should I close the account and start another one or...?

Sorry to be such a PITA with all these questions.

Pat Ampulla
ReplyQuote10/20/2006 11:50
teamdynadot posted:
I think we are required to preserve the processing logs for 1 year.

You can set up another account, but the processing logs from your old account will still be in the system.

By the way, you can delete credit cards from your account. There is a credit card management page in the account area. If the credit card is deleted, at least nobody will see your billing address and expiration date if they break into your account.
ReplyQuote10/22/2006 11:18
teamdynadot posted:
We now accept personal checks. This option is perfect for security conscious customers. We never enter your bank account number into our system.

http://www.dynadot.com/company/payment.html


[This post has been edited by dynadot_staff on Nov 3, 2006 15:56.]
ReplyQuote11/2/2006 12:44
patampulla posted:
Works for me!

I just put in a procurement for "registrar services" and accounting will send a check for a reserve.  Presumably our ID is sufficient for DynaDot to know where the reserve goes?

It's the best of both worlds for me because I don't have to use a CC and only need to run through procurement once or twice a year to replentish the account.

Thanks,

Pat Ampulla
ReplyQuote11/3/2006 06:04
pat_ampulla posted:
I followed your advice, set up a second account, and moved my domains to it.

Frankly, I'm impressed!

Everything went rationally and flawlessly.  I particularly liked the double check with my old account to make sure the transfer was acceptable.

I'm convinced. DynaDot is for real. It first I didn't think any registrar delivers honorable service, but here's one that does -- and at a low price to boot.

FWIW I exercised many of the options on a few throw-away domains because I didn't believe an $8 per year registrar could offer better service or features than a major registrar that charges over $30 per year.

DynaDot has met every challenge.  Privacy, flexibility, useability, and support.

The domain management features are logical, well presented, seem complete (I didn't try setting up a domain as a name server yet) and simple to use.

Not once when I was at my annoying best did customer support blow me off or stick a thumb in my eye.

As I said before, I'm impressed... And you guys have reason to be proud of your product.

Pat Ampulla


[This post has been edited by p_a_las vegas_us on Nov 3, 2006 07:19.]
ReplyQuote11/3/2006 07:09