Payment Card Industry (PCI) compliance isn’t just a standard, it’s your responsibility as a business owner. The majority of consumers prefer to pay with a card, and nearly 70% will stop doing business with a company that has suffered a security breach. If you want to keep your consumers, proper handling of payment card information should be a top priority. These five tips for handling credit card information will help you keep client data safe and ensure your business is PCI compliant.
1. Only Use Approved Software and Equipment
The method you use for processing payments is your first point of risk for handling credit card information. Cheap or free payment solutions likely have security holes which could put you at risk of a security breach. Regardless of your payment methods, both the online software and any card-swipe equipment you use must be PCI compliant. You can check compliance with PCI Data Security Standards (DSS) by searching the PCI-approved PIN Transaction Devices (PTD) list and Validated Payment Application list.
2. Only Use Approved Service Providers
Using a service provider can relieve much of the stress of handling credit card information – but only if you choose the right one. Part of your own company’s PCI compliance is to ensure that you only use a “PCI DSS Validated Entity.” This means the service provider underwent and passed a comprehensive audit by an external Qualified Security Assessor.
3. Never Store Track Data
The information held in the magnetic strip on the back of the card and the card security number, also referred to as CSC, CID and CVV2, are known as track data. No company is allowed to store this data in any form. Make certain that your processing equipment, software and service providers do not store track data in any systems.
4. Encrypt the Electronic Data You Do Store
If you use recurring payment authorizations, or any other arrangement that makes it necessary to store the credit card number electronically, always encrypt the data. This is especially important for mobile devices. If you do business on your cell phone, laptop or tablet, use a robust encryption algorithm to ensure PCI compliance.
5. Secure All Stored Paper Data
If you use paper receipts or invoices, store them in a safe place. This includes any copies you may have at job sites as well as at the office and points of sale. Destroy (don’t toss into the rubbish bin) transaction printouts that the customer doesn’t take with them.

Keep your business and your customers safe. To view other scenarios and see how to properly handle payment card transactions, visit the PCI compliance page at IntegraPay today.