In message <4C518C84E74AD911B0CC0002A5EF4D93464570@CARL57>, at 17:18:46 on Wed, 20 Jul 2005, Fiona Musgrave <[log in to unmask]> writes >Any advice would be gratefully received. How long should credit card details >be retained once the payment has been completed? Speaking as an ex- mail-order and cardholder-not-present business proprietor, you need to concentrate hard on what you mean by "payment has been completed". I have had people challenging payments (via their card company) going back as far as three years. Sometimes, almost successfully. (I have in mind one case when a parent was complaining that their offspring had been using their card for some time, and they'd only just noticed). Looking from the other end of the telescope, what do your T&C say to your customers about the time limit on challenging credit card payments? As a consumer, I look rather critically at vendors who claim that I can't challenge a Credit Card payment that happened more than (eg) 90 days ago. I think I would keep the credit card numbers, account name, amounts of payment, expiry dates (if applicable) and any authorisation codes issued by the card company, for as long as I kept any records at all about the transaction. I wouldn't record the security code (on the signature strip), because the card companies prohibit that. If you were a telco, Charles Clarke would like you to keep the details for a minimum of a year (but no more than three years) in case your customer turned out to be wanted by the police. -- Roland Perry ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^