In addition to protecting your company from processing fraudulent transactions, you are also responsible for protecting your own customers' information from being compromised.
Using ReceivablesPro for all of your electronic storage of cardholder data is a smart first step towards compliance. Once a credit card number is encrypted and securely stored in ReceivablesPro’s PCI Certified system, you can perform additional transactions without the need for external access to the full number again.
But if you store cardholder data in paper form—such as signed authorization forms for recurring schedules—you need to make certain that those forms are protected. The following are some guidelines to use:
Store any paper documents containing credit card numbers in a locked file drawer or safe.
Limit access to documents containing credit card numbers on a need-to-know basis.
Discard (via shredding or incineration) documents containing credit card numbers when there is no longer a business need to keep them. (For recurring schedule authorizations this is one year after the last payment made on the schedule.)
After successfully entering and processing a transaction in ReceivablesPro (wait until you have confirmation that the transaction settled), redact (cross out with a dark pen) the CVV2 code and all but the last 4 digits of the credit card number on any paper authorization forms.
If you store authorization forms in digital format, you need to remove the CVV2 number and all but the last 4 digits of the credit card number (after you have successfully processed a transaction, of course). You can achieve this by redacting (crossing out with a dark pen) this information before scanning a written document for storage. Or, if the authorization form is already in digital format, use a tool such as Microsoft Paint or Adobe Acrobat Standard to delete this information prior to storage.