Securely storing customer card data
By Elaine Pofeldt | Published: January 23, 2017
Your Business Credit
Dear Your Business Credit,
I work in a small business. We use credit cards to process deposits, and we record on a registration card the customers’ credit card number and ask for the name on the credit card.
My question is do we need to record the exact name on the card or is the customer's name sufficient? We only enter the credit card number in our credit card processing machine. I have co-workers who insist on getting the exact name on the card since they believe the credit cards cannot be legally processed without that information. We also use another customer system where we use credit card numbers and customer names but in that system we do not insist on the exact name on the card.
I do not think that the average customer would be aware of guidelines regarding this use. I have not been able to find any additional useful information on the internet regarding this. Any feedback would be appreciated. Thank you. – Kristina
Before I address your question, I strongly urge you to get some help from your merchant processor in storing your customers’ credit card numbers securely. Writing down customers’ credit card numbers on a registration card is not a secure practice. A rogue employee or vendor who enters the building after hours or burglar could potentially steal the information and use it to make fraudulent charges.
Beyond that, storing customers’ card data insecurely could land you in a lot of hot water in the form of steep fines and the potential loss of your merchant account. The average cost of a data breach for a small firm is $36,000 when fines, liabilities and other costs are considered, according to First Data.
All of the major card brands require merchants with a legitimate business reason to store customers’ card numbers to follow what is known as the Payment Card Industry’s Data Security Standard. PCI DSS, as it is known, says the only permissible way to store this data is on PIN devices and payment applications certified by the Payment Card Industry Security Standards Council.
Fortunately, it is not hard to store customers’ data securely. Merchant processors offer a variety of encryption and tokenization technologies. For more detailed information, see the Guide to Safe Payments published by the Payment Card Industry Small Merchant Task Force. Getting set up may be a bit time consuming at first, but this is one thing you don’t want to put off.
And now for an answer to your question: To process a customer’s credit card on file, “you do not need the exact name,” according to Jennifer Glass, chief executive officer of Credit Cards New Jersey., a sales organization in Tenafly, New Jersey, that helps merchants find payment solutions.
However, I would suggest that you ask for the name that appears on the card so you will have as much information as possible in the event of a chargeback. As a best practice, Visa’s guidelines for merchants recommend that in card-not-present transactions that merchants do ask the name of the customer as it appears on the card. Once you’re set up with the right PCI compliant security system in place, keeping information like this in your records should not be a problem.
Meet CreditCards.com's reader Q&A expertsDoes a personal finance problem have you worried? Monday through Saturday, CreditCards.com's Q&A experts answer questions from readers. Ask a question, or click on any expert to see their previous answers.
- Options to collect from customers who can't pay their balance in full – When dealing with customers in financial distress, suggesting a payment plan might be the best way to ensure you get full payment ...
- Q&A: Ex-partner was authorized user; is he liable for card debt? – Your ex-business partner could be equally liable for the company's credit card debt even if he was just an authorized user on the card. Here's how to find out ...
- Q&A: Can I charge cards with a mobile app for my side hustle? – If you're operating a side hustle and wondering about your rights when it comes to charging cards on file and paying taxes, make sure you do your homework before you find yourself in trouble ...