Do you keep your clients credit card details? If so, how do you encrypt them?

You can only keep the CC number if you are CISP compliant. You also may NOT store the CVV numbers anywhere

It is a wise man's rule not to have anything close to personal identification data in your servers. No bank accounts, no credit cards, no driver licenses ids... Just ask and save the minimum and let the critical data be processed by a Payment portal (Paypal and alike)

Less troubles on your way. You will have already too many without looking for them :-)

Yes, the merchant accounts will store the credit card information on their servers. All you really need is name, address, e-mail, phone number, etc.

No, I let the merchant handle that. I just store any needed contact information.

We have no reason to retain this information. It's a big liability risk if you do, not to mention I can't see how anyone who runs a business can sleep well at night knowing they have people's credit card numbers stored. It's just not smart.

We give our clients a choice. If they wish to be autobilled, then they can choose to keep their details on our server. If they want to pay manually, then they don't need to store any cc details with us.

As others, I let Authorize keep all that information on their servers. I have alot of clients that pay by check though :) If you want to do that though, Modernbill has that type of setup where it has encryption.

Good luck!

Oh, okay. I was just wondering if it was actually needed for anything. So long as I keep the invoices and stuff, it's fine, right?

Originally posted by Pheaton
We give our clients a choice. If they wish to be autobilled, then they can choose to keep their details on our server. If they want to pay manually, then they don't need to store any cc details with us.

Same here. Works well so far.

R Echo, yes, you shoud always keep copies of the invoices on a monthly CD, etc. You should make them PDF forms, too.

Nope... but then again it is a rare few that actually pay by credit card. As mentioned, you are required by Visa regulations to be CISP compliant to store credit card information (which I'd imagine close to zero on this forum are). It's dangerous and stupid as you WILL be liable if any credit card information is stolen due to lack of security procedures.