BACK

Your Business Credit

Securely storing customer card data

Summary

Business owners need to take down credit card information in a secure manner so that they don’t make their customers’ information vulnerable to theft and risk a fine themselves

The editorial content below is based solely on the objective assessment of our writers and is not driven by advertising dollars. However, we may receive compensation when you click on links to products from our partners. Learn more about our advertising policy.

The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Please see the bank’s website for the most current version of card offers; and please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

QuestionDear Your Business Credit,
I work in a small business. We use credit cards to process deposits, and we record on a registration card the customers’ credit card number and ask for the name on the credit card.

My question is do we need to record the exact name on the card or is the customer’s name sufficient? We only enter the credit card number in our credit card processing machine. I have co-workers who insist on getting the exact name on the card since they believe the credit cards cannot be legally processed without that information. We also use another customer system where we use credit card numbers and customer names but in that system we do not insist on the exact name on the card.

I do not think that the average customer would be aware of guidelines regarding this use. I have not been able to find any additional useful information on the internet regarding this. Any feedback would be appreciated. Thank you. – Kristina

AnswerDear Kristina,
Before I address your question, I strongly urge you to get some help from your merchant processor in storing your customers’ credit card numbers securely. Writing down customers’ credit card numbers on a registration card is not a secure practice. A rogue employee or vendor who enters the building after hours or burglar could potentially steal the information and use it to make fraudulent charges.

Beyond that, storing customers’ card data insecurely could land you in a lot of hot water in the form of steep fines and the potential loss of your merchant account. The average cost of a data breach for a small firm is $36,000 when fines, liabilities and other costs are considered, according to First Data.

All of the major card brands require merchants with a legitimate business reason to store customers’ card numbers to follow what is known as the Payment Card Industry’s Data Security Standard. PCI DSS, as it is known, says the only permissible way to store this data is on PIN devices and payment applications certified by the Payment Card Industry Security Standards Council.

Fortunately, it is not hard to store customers’ data securely. Merchant processors offer a variety of encryption and tokenization technologies. For more detailed information, see the Guide to Safe Payments published by the Payment Card Industry Small Merchant Task Force. Getting set up may be a bit time consuming at first, but this is one thing you don’t want to put off.

And now for an answer to your question: To process a customer’s credit card on file, “you do not need the exact name,” according to Jennifer Glass, chief executive officer of Credit Cards New Jersey., a sales organization in Tenafly, New Jersey, that helps merchants find payment solutions.

However, I would suggest that you ask for the name that appears on the card so you will have as much information as possible in the event of a chargeback. As a best practice, Visa’s guidelines for merchants recommend that in card-not-present transactions that merchants do ask the name of the customer as it appears on the card. Once you’re set up with the right PCI compliant security system in place, keeping information like this in your records should not be a problem.

See related:  Video: Chargebacks hit merchants not ready for EMV chip cards, Dumpster diving can expose your personal information

What’s up next?

In Your Business Credit

How a business can fight fraudulent online orders

If a business receives a fraudulent online order and ships the merchandise, is the company responsible for the cost?

Published: January 16, 2017

See more stories
Credit Card Rate Report Updated: September 18th, 2019
Business
15.45%
Airline
17.38%
Cash Back
17.52%
Reward
17.39%
Student
17.58%

Questions or comments?

Contact us

Editorial corrections policies

Learn more

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company’s business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.