How to carefully handle Credit Card Information?Posted by Daniel Brain on June 1st, 2018 Five tips for proper handling the credit card information of your customer. Use Approved Software When a merchant uses POS (Point of Sale) terminal, mobile running payment processor software or swipe machine to conduct transactions, as a merchant it is your duty to make sure that your hardware, as well as software, is PCI Compliant. There are many applications and card readers available that come with security loopholes. Genuine Service Provider You can avail services of a reputed service provider to install credit card processing software, manage credit card processing as well as credit card storage for your business. Service provider includes:
It might also include companies to which the merchant outsources payment-processing functions. Through extensive testing of these service providers, you can make sure that they are trustworthy. Qualified Security Assessor (QSA) who performs a comprehensive audit of policies, procedures and the system of the service providers does this type of testing. Storage of Sensitive Information Payment processing regulations specifically prohibit the storage of credit card security code or any data contained in the magnetic strip of a credit card. Although you may have business reasons for storing credit card information. The card security number is in place to know whether a user of the card over the phone or internet has the possession. Encrypted Electronic Storage For recurring payment authorization or mail order authorization, the merchant might have to store credit card number. If such sensitive data is there as paper documents, you should keep it in a secure place. If you process recurring transactions, you can also store credit card number via electronic storage. But make sure that these files are well encrypted using a robust encrypted algorithm before storing. Phone Recording To monitor the service quality and proof of payment authorization, a merchant might want to record the phone orders. It is advisable to encrypt recorded calls immediately and store it digitally in a limited access, password protected directory. Like it? Share it!More by this author |