Saturday, February 7, 2009

PCI Compliant Credit Card Transactions

As a follow-up to our previous post, we are going to get into a little more detail regarding PCI compliant credit card transactions and the storage of credit card numbers.

PCI compliant
As a merchant, you need to be PCI compliant, but it doesn't have to be difficult. The storage and transmission of credit card data is regulated by PCI, the Payment Card Industry. This means that if you accept credit cards, you have to abide by certain rules to protect that data.

PCI Compliant Credit Card Number Storage
PCI says do not store credit card numbers. If you have an e-commerce store or web site that accepts payments, do not store those credit card numbers in a database, even if they are encrypted. It should go without saying that you do not want to send an email to anyone, even yourself, with the full credit card number visible. So what do you do?

Accepting Credit Cards
To accept credit cards, the average merchant should use the processor's securely hosted payment page. This way the credit card number is never entered on your site, and the number is stored securely by the processor. Make sure your processor is PCI compliant.

Off Loading Credit Card Number Storage
For an advanced application, you can submit a customer's credit card number to your processor, and it will return an ID. The merchant's application stores this ID; when it is ready for another transaction, it sends that ID to the processor instead of a credit card number. The merchant doesn't need to store credit card information and is PCI compliant.
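The ID-for-card exchange described above, as an added sketch that is not from the original post and not any real processor's API: `ProcessorVault`, `Merchant`, and `find_card_numbers` are hypothetical names, and the card number used is the common test number, included as constructed sample input. The audit helper shows how a merchant can check that its own stored data contains nothing that looks like a card number.

```python
import re
import secrets
import string

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

class ProcessorVault:
    """Hypothetical processor side: the only place card numbers live."""
    def __init__(self):
        self._cards = {}  # ID -> card number
    def store_card(self, card_number):
        digits = re.sub(r"[ -]", "", card_number)
        if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        # Random letters only: the ID is not derived from the card number.
        card_id = "id_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        self._cards[card_id] = digits
        return card_id
    def charge(self, card_id, amount_cents):
        if card_id not in self._cards:
            return {"approved": False, "reason": "unknown ID"}
        return {"approved": True, "amount_cents": amount_cents}

class Merchant:
    """Merchant application: keeps the ID, never the card number."""
    def __init__(self, vault):
        self.vault = vault
        self.db = {}  # customer -> ID returned by the processor
    def enroll(self, customer, card_number):
        self.db[customer] = self.vault.store_card(card_number)
    def rebill(self, customer, amount_cents):
        return self.vault.charge(self.db[customer], amount_cents)

def find_card_numbers(text):
    """Audit helper: Luhn-valid 13-19 digit runs found in stored data."""
    return [m for m in re.findall(r"\d{13,19}", text) if luhn_ok(m)]

if __name__ == "__main__":
    shop = Merchant(ProcessorVault())
    shop.enroll("alice", "4111 1111 1111 1111")  # constructed sample (test number)
    print(shop.db, find_card_numbers(repr(shop.db)))
```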
