Securing Customer Data: 7 Precautions For Accepting Credit Card Payments
Making the decision to accept credit card payments through your web site is a major step forward, and with it comes a lot of responsibility. Rich over at Aiming for Independence has posted a great article outlining the seven actions you should take immediately if your business accepts credit cards. Here are some excerpts:
#2. Make sure that any credit card information being transferred across the Internet is encrypted.
#5. Set a short time limit on storing unencrypted customer information.
In addition, I would suggest that, if possible, you avoid storing users’ credit card numbers altogether. Often your merchant processing company will store the required information and allow you to issue refunds with only the unique transaction identifier. This ensures that you will never be at risk of compromising your users’ credit card information. Ideally your website will simply serve as a conduit for transferring payment information between the customer and the credit card processing company.
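One way to enforce the "store only the transaction identifier" approach at the point where an order is saved, as an added example that is not from the original post or from Rich's article. The gateway response shape and all field names (`transaction_id`, `amount_cents`, `card_last4`, `card_number`, `cvv`) are assumptions made for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Field names that must never be persisted (hypothetical names for this example).
FORBIDDEN_KEYS = {"card_number", "pan", "cvv", "cvv2", "cvc"}


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_pan(text: str) -> bool:
    """Detect a Luhn-valid 13-19 digit number anywhere in free text."""
    return any(luhn_valid(re.sub(r"[ -]", "", m.group()))
               for m in PAN_CANDIDATE.finditer(text))


def assert_safe_to_store(record: dict) -> None:
    """Refuse to persist a record that carries a card number or security code."""
    for key, value in record.items():
        if key.lower() in FORBIDDEN_KEYS:
            raise ValueError(f"field {key!r} must not be stored")
        if contains_pan(str(value)):
            raise ValueError(f"field {key!r} contains a card number")


def to_storable_order(order_id: str, gateway_response: dict) -> dict:
    """Keep only what a refund needs: the processor's transaction id, amount, last four digits."""
    record = {
        "order_id": order_id,
        "transaction_id": gateway_response["transaction_id"],
        "amount_cents": gateway_response["amount_cents"],
        "card_last4": gateway_response["card_last4"],
    }
    assert_safe_to_store(record)
    return record
```

A purely numeric transaction identifier of 13 to 19 digits can pass the Luhn check by chance, so a guard like this may need an allowance for that one field if your processor issues such identifiers.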
Comments
3 Responses to “Securing Customer Data: 7 Precautions For Accepting Credit Card Payments”
I would add that the best way to ensure you are fully compliant, secure, with 100% uptime is to choose a high quality virtual terminal/gateway provider such as Authorize Net or Verisign PayFlow. Anyone with a server can create a payment gateway but these companies have the necessary resources and experience to make sure data is secure, is processed 24x7x365 and both have APIs that are compatible with most shopping carts. Do yourself a favor – pay a little more and invest in quality up front and you will avoid the headaches later on.
Yes, one of the biggest risks I’ve heard from is when credit card numbers are stored. When the merchant processor stores the customer’s credit card info on their end, and allows you to access it only to make a refund, this takes a huge liability away from you now and believe me, I’ve heard of someone on the forum that sued a store because they kept his credit card number on file. The other tips are vital too, but I think the mistake of storing numbers is usually what bites most people in the butt.
Some of the bigger gateways call this feature a “wallet” and it is beginning to handle functions that were once handled by the shopping cart including customer contact data. In fact, his article mentions what to do if your credit card data is stored unencrypted–actually, according to PCI security standards, this should never be the case. Oh and NEVER store or write down the CVV2 (security card code) from any credit card. This is really only to be known by the card holder.