Therefore, I had to review DRG’s online processing methods, and I noticed that they were not storing the CVN numbers. However, when I asked the lead web programmer about it, she stated that storing those numbers was against company policy (Schneider, 2013). Nevertheless, first, I needed to research the laws concerning the storing of CVN numbers, this was the first time I had ever been with a company that doesn’t store the numbers. However, just because my prior employees stored the numbers doesn’t necessarily mean that they were correct in doing so. According to Visa (2014), Storing CVV-2 Information is prohibited. Furthermore, Visa Operating Regulations state that merchants and their agents can ask for the code to complete any transaction, over the phone, in person, or online. However, the security code must not be saved (pg. 1). In addition, the Payment Card Industry’s Data Security Standard (includes Visa), also tells merchants not to store the security code. Further, PCI DSS states that merchants should deploy a storage and data retention policy that will limit how much time and how much data is stored (PCI,