Originally Posted by
GUWonder
I have to wonder how in or out of legal compliance A3 is with regard to GDPR when it demands and handles such information as it demands to unlock accounts which it has flagged as being suspicious accounts and/or as being accounts with suspicious transactions.
Not only GDPR - IMHO point 4 also breaks PCI (Payment Card Industry) regulations. If you forward their message to your CC issuing organization (like Visa or AMEX - CVC code is on the face of AX card) A3 may be in deep troubles.