If you have your own merchant account do you keep (are you responsible for) credit card information for your customers? I'm getting merchant account in 2 weeks and I don't want to be responsible for keeping CC info. Is there a way to do that? If I must keep the CC info, what is the best way to do that, what software do you use? How do you keep it secure? Are you responsible if client CC is compromised?
I'm completely new to this and any help is appreciated.

Thanks in advance,
Peter

Either don't keep the information online, or keep it on a server that is locked _extremely_ tight and sits behind at least one other computer (NAT would be a good thing to use).

You should store things offline, though, as best you can while not hindering your ability to quickly process transactions in some way.

If you don't want to store your customers' CC information, they'll have to fill it all in every time their bill is due at a secure form or control panel you provide them. Merchant account processors won't store your customers' CC information (that I know of)...

The best way to keep offline data is via removeable drive. Small point to store it 'offline' if someone roots your local computer. Try a floppy or Zip (if you've enough data), burnt once a week to CD/RW, in case you go and pour coffee on the floppy. :)

If you do store online, data should be on a server without direct net access, and encrypted as hard as you can (thousands of character keys for example). I'd suggest using something from 'Revelations' as a key :D Fire and Brimstone stuff

Greg Moore

Originally posted by allera
Merchant account processors won't store your customers' CC information (that I know of)...

If they provide reoccuring billing... than they have to store the CC information online. My merchant has that option and the data is stored online. When I go to view the information, they only show the last 4 digits, so it is still encrypted when I view it again.

If you get a program like QuickBooks, than you can store their information in quickbooks which if setup properly will need a password to be accessed.

Also depends on how you collect their information. If you are sending them straight to the processor, than you won't see their CC information anyway, so you can't store it. If you are sending it somewhere online or to your email address, it should be encrypted anyways (maybe GPG or PGP). So just store it in it's encrypted version.

At present we dont keep customers credit card details. We only have yearly payment so we do not need them for recurring billing and feel that its actually safer to get the details again each year, which eliminates the risk of people hacking and getting the details.