We currently don’t store credit cards. We are looking at the option as it would make it much easier for development staff to process monthly payments. Also, the recent number of cancellations would be much easier. However, we only want to do this if we can be PCI compliant and provide customers with best possible security. Here are the major questions we are looking at. If your organization stores credit cards, we would like to know the following. What is your policy regarding letting customers know about how Credit Card information is stored? I’m thinking especially about customers who call via phone and window.
How Long to you keep credit card info?
Is there someone we can talk to regarding the technical security measures you have set up. We are on RAMP.
Is there someone on staff that we can talk to regarding security policy for staff (who can access and how). This is more on the policy and procedure end rather than technical?
Thank you so much in advance!
Hi R.J. -
Have you had a chance to review our article on Enhancing Your Credit Card Security? Specifically the section on Storing Cards may be helpful to you. https://www.tessituranetwork.com/knowledgebase/Default.htm#Payment_Processing/P2PE_Getting_Started.htm. Let me know if I can answer any questions after you review the article and I'll reach out offline. Also happy to answer questions about the technical setup in RAMP.
Thanks,
Patrick
Thanks Patrick - I sent this along to our IT guru last week to help point him in the right direction.