I'm at the moment. But before I name&shame I need to get my ducks in a row.
I booked myself a car from a car rental company. They wanted a deposit, I was more than happy with the quoted price (story for another day) and I gladly filled in my credit card details on their HTTPS+Thawte protected page. It was with horror that I realized moments thereafter that I got a booking/quote confirmation email from them with my full billing and credit card details and CVV - the whole shebang in clear text!
As far as I understand it, you are only allowed to store CC details if you are PCI compliant? If you are not PCI compliant one would usually submit payment info directly to a 3rd party payment processor that is PCI compliant and they would then process the transaction or whatnot. So in short full CC data are always handled in a secure PCI compliant environment. Last time I checked email is not regarded as being secure so this rental company is not PCI compliant and is disregarding the safety of my info.
Yes/No/Tips/Comments on how I go about reporting a company like this?









