How to Safely Store a Customer’s Credit Card Number for Re-bills

Recurring billing, subscription billing, and automated billing are all different names for roughly the same process.

Recurring billing and card on file, similar but different

An example of a simple recurring billing plan would be a supplement auto-ship program. The way Amazon keeps your card information and shipping addresses on file “just in case you need it” is an example of more open-ended customer data storage.

There’s a host of businesses that make use of recurring billing to streamline their revenue and make it reliable. This includes salons, subscription beauty or health food boxes, and software companies, to name a few.

Either way, a customer visits your website and provides their billing information such as a credit/debit card number, billing address, or even their bank account information. Then, the customer agrees to be billed at regular intervals for the goods or services they receive, agrees to keep their billing information on file for future purchases or agrees to both.

The topic of sensitive data handling is becoming one of the biggest concerns for people all around the world. This is especially true in light of the recent data breaches at Yahoo and Equifax when the credit card and other personal information of thousands of consumers were put in jeopardy.

As a result, it’s doubly important to understand and follow safeguarding tips that help you protect and store your customers’ credit card information securely at all times. It’s important that you follow legal and other required guidelines to protect your customers. It is also vital that you ensure secure handling of customers’ sensitive data to gain the trust you need from your customers and avoid legal or regulatory trouble.

NMI Vault and Credit Card Information

NMI is a widely used e-commerce payment gateway provider that helps online stores process their payments across the globe. The customer vault offered by NMI is specifically designed to address concerns about handling sensitive data like customers’ credit card information. They’re very well equipped to provide this service to businesses of all sizes.

Merchants can transmit their payment information through an SSL connection with NMI Customer Vault. Once all the information related to a customer credit card is securely sent to the NMI Vault, the merchant can initiate transactions remotely. This allows the merchant to continue the rebilling without having to see the actual card number ever again. At Blue Payment Agency, we can help you securely and efficiently import sensitive customer payment information into the NMI secure Customer Vault. Throughout the process, you won’t have to store any data in your local database or payment application.

Use Only PCI Compliant Hardware and Software

We highly recommend that all the hardware, software and procedures that you use are PCI compliant. It’s a necessary step along the way to ensure that sensitive data and credit card information is handled properly. This is true regardless of whether it’s a terminal for point of sale transactions or recurring billing database.

Reputable vendors go through a series of tests to make sure that their products are PCI compliant. In these tests, they look for any vulnerabilities and potential security threats. Therefore, it would be best to use only these tried and tested products, especially if your goal is to keep your customers happy and secure. You can check the PCI DSS website for a complete list of products that you can trust.

Make Use of Payment Security Measures: Encryption and Tokenization

Recurring billing and “card on file” transactions require you to have electronic storage of credit card numbers. If your business model involves recurring billing, you need to be certain your software secures all data with strong encryption. You may also need to encrypt your phone recordings if you are taking orders by phone. As with your other files, these recordings should be password protected and only accessible to authorized personnel.

Another payment security measure is tokenization. In this process, a “token” or one-time use number is used to process the transaction instead of the actual card number. Tokenization replaces the sensitive data with a randomly generated string of characters. These random characters are then used as authorization codes and transaction IDs.
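The following added example (not code from NMI or Blue Payment Agency) sketches the vault flow described earlier together with the random-token substitution described here: the merchant hands the card number over once, keeps only a token and the last four digits, and re-bills with the token. `ToyVault`, `enroll` and `rebill` are hypothetical names, and the in-memory vault stands in for a gateway-hosted service.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: reject mistyped card numbers before they reach the vault."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class ToyVault:
    """Hypothetical stand-in for a gateway-hosted vault (runs on the provider's side)."""
    def __init__(self):
        self._cards = {}  # token -> PAN; a real vault encrypts this at rest

    def tokenize(self, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        token = secrets.token_urlsafe(16)  # random: carries no information about the PAN
        self._cards[token] = pan
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self._cards.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        # Only the vault side ever handles the PAN again.
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}

def enroll(vault: ToyVault, customer_id: str, pan: str) -> dict:
    """Merchant side: hand the PAN to the vault once, keep only token + last4."""
    token = vault.tokenize(pan)
    return {"customer_id": customer_id, "token": token, "last4": pan[-4:]}

def rebill(vault: ToyVault, record: dict, amount_cents: int) -> dict:
    """Merchant side: recurring charge using nothing but the stored token."""
    return vault.charge(record["token"], amount_cents)

TEST_PAN = "4111111111111111"  # well-known test number, not a real card
```

The record returned by `enroll` is the only thing the merchant database needs to hold; a copy of that database exposes tokens that are useless outside the vault.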

Proper storage of paper documents containing sensitive data

There are situations where you need to document credit card numbers on a piece of paper. For example, you may need proof of recurring payment authorizations. If you keep paper documents with credit card information, then make sure you keep them in a secure place, like a safe under lock and key. Additionally, you should only allow access to these files and archives to people you explicitly authorize and trust. In turn, make sure individuals with access are contractually obligated to keep sensitive information strictly confidential.

Data Portability

We all expect changes in the business landscape, especially when running an online business. Keeping up to date with the latest trends and security technology is an absolute must. Therefore, if at any point you feel like your old payment gateway is not able to keep up with your changing business, or changing security standards, then you must consider changing it. For that, you will need someone to make a secure transfer of sensitive data, like customer credit card information, from one gateway to another.

At Blue Payment Agency, we can help you move your customer data securely from one gateway to the NMI Vault. We can also help you with merging your merchant accounts under a single payment gateway. This will make managing your merchant accounts easier and ensure the security of your sensitive data.

For more information on any of the above methods and how Blue Payment Agency can help, call us today at 844-253-9769 or contact us using the form below.