Your Business Credit

How small businesses can safely store card details


Elaine Pofeldt is a journalist whose articles on entrepreneurship and careers have appeared in Fortune, Working Mother, Money and many other publications. She is a former senior editor at Fortune Small Business magazine and an entrepreneur herself, as co-founder of, a website for independent professionals. She writes “Your Business Credit,” a weekly column about small business and credit, for


Question

Dear Your Business Credit,
I need to store credit card details. We’re a small business and we currently use a service which only allows one single view of card details before removing the CVC.

Due to the nature of the business, we are required to view details more than once, so we need to keep the details somewhere else.

Do you have any resources? Thanks. – Robbie

Answer

Dear Robbie,
It’s great to see that you’re taking steps to protect your customers’ credit card data. The Equifax data breach is a good reminder for all of us of how vulnerable data can be.

You don’t need to hunt very far for a solution. It sounds as if you are using a private service of some sort to store the data. If that’s the case, before looking for another outside service, I’d inquire with your merchant processor.

Many of those companies offer their own solutions to store customers’ card data. The advantage of going this route is you know the solution will be one that works well with your merchant processing system.

Industry requirements for storing customer data

A little background: Every major card brand requires merchants who need to store customers’ card numbers to follow the Payment Card Industry’s Data Security Standard. This is a framework developed by the PCI Security Standards Council, which is responsible for establishing a minimum set of requirements for protecting cardholder data.

Under PCI DSS, the only allowable way to store this data is on PIN devices and payment applications certified by the Payment Card Industry Security Standards Council.

You don’t have to figure this out on your own. Many merchant processors offer services that rely on encryption and tokenization technologies.

What if you don’t use a traditional merchant processor and rely on a service such as Square? These services also may offer their own solutions. Square, for instance, offers a service called “Card on File.” PayPal allows customers to store customers’ card data in its “Vault.” I’d ask whichever company processes your transactions what solutions it offers.

To be sure, all of these services will cost you some extra cash. Consider it money well spent. Data security is an area in which the potential consequences are too high.

You may be tempted to create a workaround to avoid the setup time, but this is a case in which a do-it-yourself approach can hurt you.

As I mentioned in an earlier column on how to securely store customer card data, merchants can face steep fines for storing customers’ data insecurely. It gets worse. If you were to experience a data breach and word spread to your customers, they might not entrust you with their credit card data again.

Become familiar with security data requirements

If you cannot find a solution you like and find there are situations in which you can’t work efficiently without keeping a hard copy of customers’ credit card data on file, then make sure you are familiar with the PCI Security Standards Council’s requirements to restrict physical access to the data. (See Page 19.)

The steps are not simple and require some prep work.

For example, one is to “ensure that all visitors are authorized before entering areas where cardholder data is processed or maintained; given a physical token that expires and that identifies visitors as not on-site personnel; and are asked to surrender the physical token before leaving the facility or at the date of expiration.”

Taking such steps would likely be difficult in a small business, so I recommend doing all you can to find a technological solution. It’ll save you hassles in the long run.


Published: November 6, 2017
