Many businesses and organizations have to take credit card information without the card being present. Card not present transactions include any transaction where the credit card is not physically present with the merchant. PCI/DSS requires any credit card information to be handled securely and takes a dim view of recording the information. Things you should not do:
- Never store customers credit card information
- Never email or accept email with credit card information
- Never fax or accept faxed credit card information
- Never use forms to gather credit card information
So when you have phone orders or salespeople on the road what do you do? There are good alternatives that will keep you out of trouble.
- Phone orders should be immediately entered into a physical terminal or virtual terminal while the customer is on the phone. This has two benefits, the credit card Information is secure and you know right away that the transaction has been authorized.
- There are now some really good options for processing transactions remotely. Besides the well-known GPRS credit card terminal (works off cell network) there are now some great options to use a cell phone to accept both credit and debit cards
It is important that you guard credit card information you as a business owner are personally responsible for any losses resulting from poor handling of credit card information including fines and the cost of investigations.
For more information Contact Us