Someone just lost 324k payment records, complete with CVVs

&quot;Let&#x27;s talk about that CVV for a moment. ... PCI DSS is very clear about how the CVV (or CVV2 as it is these days) should be stored ... It shouldn&#x27;t be stored and that&#x27;s what makes this breach such a big issue. Violation of PCI DSS guidelines can lead to pretty serious fines and even loss of merchant facilities; the card providers take this very seriously.<p>It checked out - this is the CVV.&quot;

The author doesn&#x27;t explicitly mention it, but the CVVs were saved as a part of debug logging. That mistake should serve as a warning to others implementing PCI DSS systems.

Oh man this Troy guy is the hero we need, fighting the good fight.