Can we securely store card data for recurring billing?
PCI DSS discourages businesses from storing credit card data, but merchants feel the practice is necessary in order to facilitate recurring payments.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
In order for the electronic storage of cardholder data to be PCI compliant, appropriate encryption must be applied to the primary account number (PAN). In this situation, the numbers in the electronic file should be encrypted.
All PCI controls would apply to the environment in which the cardholder data is transmitted and stored. Tokenization can be implemented for recurring and/or delayed transactions. Travel merchants and/or storage facilities could use this feature to help reduce the need for electronically stored cardholder data while still maintaining current business processes.
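To make the tokenization approach for recurring billing concrete, here is an added Python example (not part of the original post). `TokenVault`, `enroll`, `contains_pan` and `bill_cycle` are hypothetical names, the vault stands in for a payment processor's tokenization service, and the card number is a constructed test value.

```python
import re
import secrets
import string

def luhn_ok(digits: str) -> bool:
    """Luhn checksum that valid payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the processor's tokenization service.
    It is the only component that ever holds the PAN."""
    def __init__(self):
        self._pans = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Random letters only: not derived from the PAN, and never digit-shaped.
        token = "tok_" + "".join(secrets.choice(string.ascii_lowercase) for _ in range(24))
        self._pans[token] = pan
        return token

    def charge(self, token: str, cents: int) -> dict:
        pan = self._pans[token]             # detokenization stays inside the vault
        return {"approved": True, "amount": cents, "card": "****" + pan[-4:]}

def enroll(vault: TokenVault, pan: str, customer: str) -> dict:
    """Merchant side: the billing record keeps the token and last four digits."""
    return {"customer": customer, "token": vault.tokenize(pan), "last4": pan[-4:]}

def contains_pan(record: dict) -> bool:
    """Storage check: flag any 13-19 digit run that passes the Luhn test."""
    return any(luhn_ok(run) for value in record.values()
               for run in re.findall(r"\d{13,19}", str(value)))

def bill_cycle(vault: TokenVault, records: list, cents: int) -> list:
    """Recurring charge: the merchant sends only tokens to the processor."""
    return [vault.charge(r["token"], cents) for r in records]

if __name__ == "__main__":
    vault = TokenVault()
    rec = enroll(vault, "4111111111111111", "cust-001")   # constructed test number
    print(rec, contains_pan(rec), bill_cycle(vault, [rec], 1999))
```

The same `contains_pan` check can be run over exported merchant records to confirm that no full card number has crept into a notes or reference field.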
The best thing you can do for your business is to not store any cardholder data or personally identifiable information.
Tomorrow let’s tackle encryption and tokenization, a strong combination to protect card data while reducing the cost of compliance!