How Does Taking Credit Cards by Mail Work with PCI?

August 21, 2015 • Published by Scott Dingman PCI 101 fax, Mail Order, MOTO, Physical Security, PII, Requirement 3, Requirement 9

As is the case with taking credit cards by phone, receiving sensitive payment information by mail or fax can raise concerns in relation to your organization’s PCI compliance process. Why is it such an issue? Because when card data is handled manually, the corresponding security … Read more

“Can We Securely Store Card Data for Recurring Billing?”

August 8, 2014 • Published by Brad Chronister PCI 101 Data Storage, Penetration Testing, Recurring Billing, Recurring Payments, Requirement 9, Vulnerability Scanning

Should your business store cardholder data? While the PCI DSS discourages businesses from storing credit card data, many feel the practice is necessary in order to facilitate recurring payments.Here are a few of the related questions we’ve recently received: Question: We store credit card info (number … Read more

“Are ‘Knuckle Busters’ PCI Compliant?”

July 3, 2014 • Published by Jarred White Industry Topics Knuckle Buster, Manual Swipe, Mobile, Physical Security, Requirement 9, Restaurants

Question: I run a restaurant business and have a question regarding “manual credit card processing.” In the event my cc system (POS) goes down, how can I process credit cards without taking a manual imprint of the card? Answer: I’m guessing your question comes from the … Read more

“We would like to request a credit card number in advance of an event…”

April 17, 2014 • Published by Brad Chronister Best Practices Cardholder Data, CHD, Data Storage, Encryption, Hardcopy Storage, Hospitality, PAN, Requirement 9, Sensitive Authentication Data, Tokenization

Question: We are developing our payment policy for a venue rental business and would like to request a credit card number to be submitted 14 days prior to the event to have on file for any damages that might occur during the event. Will I be … Read more