Does your store accept credit cards? That’s like asking a fish if it swims. Really, in today’s digital age, credit cards are by far the most popular method of paying for goods and services. And while credit card use is convenient for your customers, it too often attracts fraud and theft. The Payment Card Industry Data Security Standard, commonly known as PCI, is a security standard developed by credit card companies. PCI compliance at your store protects both your customers and your long term success.
PCI Compliance Points
To be PCI compliant, there are essential procedures your team must follow that cover important card security issues including the protection of sensitive cardholder data and prevention of credit and debit card data theft.
Done and Destroy
The most important guiding principle of PCI compliance is simple: As soon as credit card data is no longer needed, it should be destroyed. Cardholder data refers to the data necessary to process a credit or debit card transaction. At a minimum, it’s the Primary Account Number, the unique 13 or 16 digit number associated with the card. Beyond the numbers that someone can see by physically viewing a credit card, there is also electronic data stored on the card, either on the magnetic strip on the back of the card or in a computer chip that is now embedded in some cards. This electronic data is gathered only by credit card systems and card readers.
Security Rules
Follow these rules to keep cardholder data secure.
- Never copy sensitive cardholder data to any form of electronic media.
- Never manually copy credit card numbers or information, such as writing them on a scrap of paper, ledger, or hand ticket.
- Keep cards in sight of the customer at all times during the transaction.
- If you have to hold on to any credit card data for an approved business purpose, keep that data in a secure, locked environment.
- If you have physical credit card data that needs to be thrown away, it must be completely unreadable, incinerated, or cross shredded into pieces no greater than 1/4 inch.
- Never send e-mails containing credit card data.
- Store management should be immediately involved any time a customer leaves their credit card behind.
PCI compliance is critical to the success of your business. Click here for a preview of an online PCI Compliance training course for your staff.