Should your business store cardholder data? While the PCI DSS discourages businesses from storing credit card data, many feel the practice is necessary in order to facilitate recurring payments.Here are a few of the related questions we’ve recently received: Question: We store credit card info (number … Read more
Many business owners have asked us how to accept credit card information over the phone in a PCI compliant manner. Some have even assumed that because there’s a human involved the activity must be non-compliant. The good news is that you can take credit cards … Read more
Windows XP users may be breathing a sigh of relief following Microsoft’s announcement that it is patching—even for XP users—a major vulnerability discovered in its popular Internet Explorer (IE) browser. But folks, we’re just getting started. Now that the April 8 end date for Microsoft … Read more
Question: Is a card that has been closed by an issuer that is no longer active still subject to the same compliance standards as an active card when looking to email a card number in the clear? Answer: First, I would recommend to NEVER email a credit card … Read more
Question: Are there any self-disclosure requirements based on inaccurate SAQ submissions? For example, if the incorrect SAQ was completed, what steps should be taken to complete the correct SAQ and how long would a company have to resubmit? Answer: This would all come down to … Read more
Question: We are developing our payment policy for a venue rental business and would like to request a credit card number to be submitted 14 days prior to the event to have on file for any damages that might occur during the event. Will I be … Read more