Saturday, December 27, 2008

PCI Compliant Customer Data Storage

Continuing the earlier post on storing customer data, this post goes into the subject in a bit more detail.

PCI, the payment card industry, doesn't want you to store sensitive credit card information. For example, if you sell someone a widget on your site and they pay with a credit card, you are not allowed to store the credit card number without going through the pain of becoming PCI compliant for storage of credit card data.

Virtual Terminal Customer Data Storage
If you're just using the Virtual Terminal provided by your merchant account provider, you should be able to store sensitive customer information quite easily. Normally it's as simple as entering the credit card number on a screen, and the next time you want to bill the customer you just click their name. This is the easiest way to store sensitive information, but what if you need more control over your customers?

Storing Credit Card Customer Data
So let's say you want to rebill that customer or you need to credit their account. If you don't have access to the credit card number, you will need to ask for it again. Rather than make you do that, merchant account providers are offering to store your sensitive customer information as part of the service packages that they offer. Here's how it works. You send the processor the sensitive information once. They issue a customer token or customer ID, say 2345. The next time you want to bill that customer, you send the processor "bill customer ID 2345, $50.00". It's that easy: you're now PCI compliant and you have access to bill your return customers.

Integration into your Application
If you need even more control, you can integrate your application via web services. For example, if you have an existing application that maintains your customer information, you can talk to the processor's payment gateway via web services to make it a seamless user experience. Most processors offer these basic calls, among others.
  • create a customer
  • update a customer
  • delete a customer
  • make a customer transaction
  • update a customer's credit card
  • update a customer's checking account
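
The token flow and the basic calls listed above, sketched as an added example that is not code from the original post or from any processor's API. ProcessorVault, MerchantStore and their method names are hypothetical stand-ins, and the card number is a widely used test value.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Basic sanity check on a card number before it is sent to the vault."""
    if not pan.isdigit():
        return False
    d = [int(c) for c in reversed(pan)]
    return (sum(d[0::2]) + sum(sum(divmod(2 * x, 10)) for x in d[1::2])) % 10 == 0

class ProcessorVault:
    """Constructed in-memory stand-in for the processor; not a real gateway API."""
    def __init__(self):
        self._cards = {}   # token -> card number, held only on the processor side
        self.ledger = []   # (token, amount_cents) for each customer transaction

    def create_customer(self, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("card number fails Luhn check")
        token = secrets.token_hex(8)  # random, so it reveals nothing about the card
        self._cards[token] = pan
        return token

    def delete_customer(self, token: str) -> None:
        del self._cards[token]

    def charge(self, token: str, amount_cents: int) -> bool:
        if token not in self._cards:
            raise KeyError("unknown or deleted customer token")
        self.ledger.append((token, amount_cents))
        return True

class MerchantStore:
    """Merchant application: keeps the token and last four digits, never the full number."""
    def __init__(self, vault: ProcessorVault):
        self.vault = vault
        self.customers = {}  # name -> {"token": ..., "last4": ...}

    def enroll(self, name: str, pan: str) -> None:
        token = self.vault.create_customer(pan)  # card number sent once, not stored here
        self.customers[name] = {"token": token, "last4": pan[-4:]}

    def rebill(self, name: str, amount_cents: int) -> bool:
        return self.vault.charge(self.customers[name]["token"], amount_cents)

if __name__ == "__main__":
    TEST_PAN = "4111111111111111"  # widely used test number, not a real card
    store = MerchantStore(ProcessorVault())
    store.enroll("alice", TEST_PAN)
    print(store.rebill("alice", 5000))        # bill the stored customer $50.00
    print(TEST_PAN in repr(store.customers))  # False: a merchant DB dump has no card number
```

Amounts are passed as integer cents so that $50.00 is 5000 and no floating-point rounding enters the ledger.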

Having your processor store your sensitive information makes sense for most merchants. The savings are great when compared to the cost and time required to become PCI compliant to store credit card information. Ask whether your processor offers sensitive data storage for your customer data; if they do, take advantage of this great service.
