[rhizome]

Oh heck, let's just verify on the whole card number. Apparently GoDaddy's CSRs have access to it such that management can just arbitrarily increase the number of digits to check.

Not reported: whether PayPal will also increase the number of digits they hand out via social engineering.

[Zenst]

That is not only a valid point, but a major one upon many levels. I would of thought storing the credit card in full (double eek if they also store the 3 digit security code) would be against the PCI compliance guidlines.

I'm aware if the customer gives permision (repeat customer) is an exception. Though in these situations if it is proven that access was your companies fault then you are liable. Which in this situation, whilst no charge to the credit card (we are aware of) was made. The lapse of security did have financial reprocusions.