Sunday, November 30, 2008

Customer Information Management

Storing sensitive customer credit card information used to be taken lightly; not any more. The Payment Card Industry (PCI) regulates the storage of this sensitive information. This means that if you accept credit cards, you and your processor need to be PCI compliant. Since PCI compliance for storage of cardholder data is usually out of reach for most merchants, how can you rebill a returning customer without asking for payment information and without violating PCI rules?

Customer Management
The simple way to comply with PCI and still be able to rebill your customers is to use a PCI-approved third party to store the credit card information. It's a relatively new concept, but most processors are starting to offer this service. Here's how it works: the credit card payment information is passed securely to the payment processor, and the payment processor issues a customer ID. The next time you need to bill that customer, you just send the customer ID.

PCI Compliance
As the Payment Card Industry starts enforcing these rules on merchants, having the customer data stored elsewhere is going to gain popularity. This method ensures you are in compliance with the Payment Card Industry's rules because you are not storing the customer's credit card number. All that needs to be stored is the customer ID.
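The flow described under Customer Management and the "store only the customer ID" rule above, as an added example that is not code from this post or from any processor. `MockProcessor`, `enroll`, `rebill` and `find_card_numbers` are hypothetical names, the processor is simulated in memory, and the card number used in the test is the well-known constructed test value.

```python
import re
import secrets

class MockProcessor:
    """Stand-in for the third-party processor's vault (hypothetical API)."""
    def __init__(self):
        self._vault = {}  # customer_id -> card data; exists only on the processor side

    def create_customer(self, card_number, expiry):
        # Random ID, not derived from the card, so it reveals nothing if leaked.
        customer_id = "cust_" + secrets.token_hex(6)
        self._vault[customer_id] = {"card_number": card_number, "expiry": expiry}
        return customer_id

    def charge(self, customer_id, amount_cents):
        card = self._vault.get(customer_id)
        if card is None:
            return {"approved": False, "reason": "unknown customer ID"}
        return {"approved": True, "amount_cents": amount_cents,
                "last4": card["card_number"][-4:]}

def luhn_valid(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(record):
    """Return any 13-19 digit, Luhn-valid runs found in a merchant record."""
    hits = []
    for value in record.values():
        compact = re.sub(r"[ -]", "", str(value))  # ignore common separators
        hits += [run for run in re.findall(r"\d{13,19}", compact) if luhn_valid(run)]
    return hits

def enroll(processor, merchant_db, name, card_number, expiry):
    """Pass the card to the processor; persist only the returned customer ID."""
    customer_id = processor.create_customer(card_number, expiry)
    merchant_db[name] = {"name": name, "customer_id": customer_id}
    return customer_id

def rebill(processor, merchant_db, name, amount_cents):
    """Bill a returning customer using nothing but the stored customer ID."""
    return processor.charge(merchant_db[name]["customer_id"], amount_cents)
```

Running `find_card_numbers` over every stored record is a quick way to confirm that no card number has leaked into the merchant's own database.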
