ADVERTISEMENT

Securely storing customer card data

By

Your Business Credit
Your
Elaine Pofeldt is a journalist whose articles on entrepreneurship and careers have appeared in Fortune, Working Mother, Money and many other publications. She is a former senior editor at Fortune Small Business magazine and an entrepreneur herself, as co-founder of 200kfreelancer.com, a website for independent professionals. She writes "Your Business Credit," a weekly column about small business and credit, for CreditCards.com.

Ask Elaine a question or read her prior answers in the 'Your Business Credit' archive.

Question Dear Your Business Credit,
I work in a small business. We use credit cards to process deposits, and we record on a registration card the customers’ credit card number and ask for the name on the credit card. 

My question is do we need to record the exact name on the card or is the customer's name sufficient? We only enter the credit card number in our credit card processing machine. I have co-workers who insist on getting the exact name on the card since they believe the credit cards cannot be legally processed without that information. We also use another customer system where we use credit card numbers and customer names but in that system we do not insist on the exact name on the card. 

I do not think that the average customer would be aware of guidelines regarding this use. I have not been able to find any additional useful information on the internet regarding this. Any feedback would be appreciated. Thank you. – Kristina

Answer Dear Kristina,
Before I address your question, I strongly urge you to get some help from your merchant processor in storing your customers’ credit card numbers securely. Writing down customers’ credit card numbers on a registration card is not a secure practice. A rogue employee or vendor who enters the building after hours or burglar could potentially steal the information and use it to make fraudulent charges.

Beyond that, storing customers’ card data insecurely could land you in a lot of hot water in the form of steep fines and the potential loss of your merchant account. The average cost of a data breach for a small firm is $36,000 when fines, liabilities and other costs are considered, according to First Data.

All of the major card brands require merchants with a legitimate business reason to store customers’ card numbers to follow what is known as the Payment Card Industry’s Data Security Standard. PCI DSS, as it is known, says the only permissible way to store this data is on PIN devices and payment applications certified by the Payment Card Industry Security Standards Council.

Fortunately, it is not hard to store customers’ data securely. Merchant processors offer a variety of encryption and tokenization technologies. For more detailed information, see the Guide to Safe Payments published by the Payment Card Industry Small Merchant Task Force. Getting set up may be a bit time consuming at first, but this is one thing you don’t want to put off.

And now for an answer to your question: To process a customer’s credit card on file, “you do not need the exact name,” according to Jennifer Glass, chief executive officer of Credit Cards New Jersey., a sales organization in Tenafly, New Jersey, that helps merchants find payment solutions.

However, I would suggest that you ask for the name that appears on the card so you will have as much information as possible in the event of a chargeback. As a best practice, Visa’s guidelines for merchants recommend that in card-not-present transactions that merchants do ask the name of the customer as it appears on the card. Once you’re set up with the right PCI compliant security system in place, keeping information like this in your records should not be a problem.

See related: Video: Chargebacks hit merchants not ready for EMV chip cards, Dumpster diving can expose your personal information

Meet CreditCards.com's reader Q&A experts

Does a personal finance problem have you worried? Monday through Saturday, CreditCards.com's Q&A experts answer questions from readers. Ask a question, or click on any expert to see their previous answers.

Published: January 23, 2017

ADVERTISEMENT
ADVERTISEMENT

Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.




Updated: 04-29-2017

ADVERTISEMENT


Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.


ADVERTISEMENT