Skyzer Blog

The Pros and Cons of Storing Your Card Information | Skyzer

11 May

If you work in an industry that requires you to keep your customers' credit card details on file, such as the hotel business, then you are going to need a payment solution that extends beyond your typical EFTPOS terminal.

Online payment gateways offer secure ways for customers to opt-in to store their credit card details with a company, but when it comes to storing information in the physical world, there are other considerations that need to be made.

Today, we take you through all of the ins and outs of storing credit card information in-house, including the pros and cons of this practice.

PCI-DSS (Payment Card Industry Data Security Standard) Compliance

First and foremost, everything that you do with a customer’s payment information has to be sanctioned under this standard. The merchant's facility is governed by PCI-DSS, which is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. This includes maintaining up-to-date antivirus software, guarding against employee theft and internet-based intrusions, securely disposing of hardware drives, etc.

Storage of sensitive data. 

Terminals operating in EOV (Electronic Offline Voucher) mode will print the full card number on the merchant receipt. It is the merchant’s responsibility to ensure the receipts are stored securely. Failure to do this will put the merchant in breach of PCI-DSS and liable for any fines if there is a data breach that can be attributed to insecure storage of paper receipts or handwritten card information.

Anything that could be used to authorise a payment on the card, such as the three-digit verification number (CVC) on the back of the card, should never be stored.

Ensure the encryption on your PIN device is strong. 

Even if someone manages to access your payment device, they will never be able to read or obtain the card information, as the message is fully encrypted as per the Paymark standard. That is the definition of strong encryption. Some devices use one-way hash functions to transform the card information into a seemingly random series of numbers; others truncate (permanently remove) at least half of the data. The key here is to choose a compliant device that suits your needs.

Storing Card Information: Pros & Cons 

If you are in one of those industries that need to store customer data, your EFTPOS Terminal provides security around this with Pre-Auth and Completion transactions. However, even if you do store the details securely, there are pros and cons to installing the measures necessary to protect them.

The Cons 

  • There are huge consequences if you don’t do it right. If you store card information improperly and it gets stolen, you will face heavy consequences. As the holder of the information, it is ultimately your responsibility to keep it safe, and if your store is found to be PCI DSS non-compliant, there will be issues.
  • Setting up can be time-consuming. Getting a secure system installed in-store is often time-consuming and expensive, which is another reason to avoid storing data unless there is a true need.

The Pros 

  • All EFTPOS Terminal Payment providers offer secure devices. You can be guided through this process by someone who is experienced in the payment industry and can provide a solution that will not compromise your PCI-DSS Security.
  • You can securely retain card data for relevant transactions. If your business is such that you need to retain cardholder information, the customer's card can be pre-authorised for a certain amount and this is stored securely in the terminal. The merchant can recall this information (no full card data is displayed) and complete the transaction for the required amount.

Talk to Skyzer to integrate advanced payment solutions today. 

We’re a customer-oriented and innovative payment solutions company acting as the sole distributor of Ingenico terminals. Getting an EFTPOS machine in New Zealand has never been easier than it is with one of Skyzer’s 70+ resellers, so get started with elevating your payment methods today.