Use of credit card for making online purchases is very common nowadays. But due to incidences, like data breaching; customers worry about how sensitive data (personal information of customer as well as credit card details) use by merchants. As a merchant, you need to open a merchant account to carry out transactions and if your payment processor accepts credit card payment, you as a business owner is contractually obligated to provide security to your customer’s sensitive information shared while completing transaction process, which is imprinted in the contract you signed. If you are using third-party software to manage customer’s information, it should be able to protect all the information of your customer.

Five tips for proper handling the credit card information of your customer.

Keep your customer’s data safe with these useful tips.

Use Approved Software

When a merchant uses POS (Point of Sale) terminal, mobile running payment processor software or swipe machine to conduct transactions, as a merchant it is your duty to make sure that your hardware, as well as software, is PCI Compliant. There are many applications and card readers available that come with security loopholes. So, it is advisable to choose reputable hardware and software vendors who take full responsibility for the integrity of their product. For the long run and good reputation of your business make sure to use tested and approved solution.

Genuine Service Provider 

You can avail services of a reputed service provider to install credit card processing software, manage credit card processing as well as credit card storage for your business. Service provider includes:

• SaaS (Web-based software)
• IVR phone services

It might also include companies to which the merchant outsources payment-processing functions. Through extensive testing of these service providers, you can make sure that they are trustworthy. Qualified Security Assessor (QSA) who performs a comprehensive audit of policies, procedures and the system of the service providers does this type of testing. You can only use PCI DSS Validated service provider as a part of a contract signed.

Storage of Sensitive Information

Payment processing regulations specifically prohibit the storage of credit card security code or any data contained in the magnetic strip of a credit card. Although you may have business reasons for storing credit card information. The card security number is in place to know whether a user of the card over the phone or internet has the possession. But if the security code is stolen, this approach will not work. In the magnetic stick, which is on the backside of the credit card, track data is stored. This contains the information of the account that is otherwise don’t show on the card. This data assists with authentication and the card cannot be fake.

Encrypted Electronic Storage

For recurring payment authorization or mail order authorization, the merchant might have to store credit card number. If such sensitive data is there as paper documents, you should keep it in a secure place. If you process recurring transactions, you can also store credit card number via electronic storage. But make sure that these files are well encrypted using a robust encrypted algorithm before storing. This provides protection against unauthorized access or if you lose your computer.

Phone Recording 

To monitor the service quality and proof of payment authorization, a merchant might want to record the phone orders. It is advisable to encrypt recorded calls immediately and store it digitally in a limited access, password protected directory. Additionally, make sure that there is no other software aligning to this storage system as it may expose these credit card numbers.

Final Words

By simply following these five steps, you can meet your contractual requirements to protect credit card account information. Also, the merchant can be PCI compliant. It will also help merchant in gaining customer’s confidence and loyalty, which will help in increasing the revenue.