Updates - We Make Payment Gateways Easy


How to Safely Store a Customer’s Credit Card Number for Re-bills

Recurring billing, subscription billing, and automated billing are all different names for roughly the same process.

Recurring billing and card on file, similar but different

An example of a simple recurring billing plan would be a supplement auto-ship program. The way Amazon keeps your card information and shipping addresses on file “just in case you need it” is an example of more open-ended customer data storage.

There’s a host of businesses that make use of recurring billing to streamline their revenue and make it reliable. This includes salons, subscription beauty or health food boxes, and software companies, to name a few.

Either way, a customer visits your website and provides their billing information such as a credit/debit card number, billing address, or even their bank account information. Then, the customer agrees to be billed at regular intervals for the goods or services they receive, agrees to keep their billing information on file for future purchases or agrees to both.

The topic of sensitive data handling is becoming one of the biggest concerns for people all around the world. This is especially true in light of the recent data breaches at Yahoo and Equifax when the credit card and other personal information of thousands of consumers were put in jeopardy.

As a result, it’s doubly important to understand and follow safeguarding tips that help you protect and store your consumer’s credit card information securely at all times. It’s important that you follow legal and other required guidelines to protect your customers. It is also vital that you ensure secure handling of customer’s sensitive data to gain the trust you need from your customers and avoid legal or regulatory trouble. NMI phone image

NMI Vault and Credit Card Information

NMI is a widely used e-commerce payment gateway provider that helps online stores process their payments across the globe. The customer vault offered by NMI is specifically designed to address concerns about handling sensitive data like customer’s credit card information. They’re very well equipped to provide this service to businesses of all sizes.

Merchants can transmit their payment information through an SSL connection with NMI Customer Vault. Once all the information related to a customer credit card is securely sent to the NMI Vault, the merchant can initiate transactions remotely. Allowing the merchant to continue the rebilling without having to see the actual card number ever again. At Blue Payment Agency, we can help you securely and efficiently import sensitive customer payment information onto the NMI secure Customer Vault. Throughout the process, you won’t have to store any data in your local database or payment application.

Use Only PCI Compliant Hardware and Software

We highly recommend that all the hardware, software and procedures that you use are PCI compliant. It’s a necessary step along the way to ensure that sensitive data and credit card information is handled properly. This is true regardless of whether it’s a terminal for point of sale transactions or recurring billing database.

Reputable vendors go through a series of tests to make sure that their products are PCI compliant. In these tests, they look for any vulnerabilities and potential security threats. Therefore, it would be best only to use these tried and tested products; especially if your goal is to keep your customers happy and secure. You can check the PCI DSS website for a complete list of products that you can trust.

Make use of Payment Security Measures; Encryption and Tokenization

Recurring billing and “card on file” transactions require you to have electronic storage of credit card numbers. If your business model involves recurring billing, you need to be certain your software secures all data with strong encryption. You may also need to encrypt your phone recordings if you are taking orders on phones. Similarly, with your other files, these recordings should be password protected and only accessible to authorized personnel.

Another payment security measure is tokenization. In this process, a “token” or one-time use number is used to process the transaction instead of the actual card number. Tokenization replaces the sensitive data with a randomly generated string of characters. These random characters are then used as authorization codes and transaction IDs.

Proper storage of paper documents containing sensitive data

There are situations where you need to document credit card numbers on a piece of paper. For example, you may need proof of recurring payment authorizations. If you keep paper documents with credit card information, then make sure you keep them in a secure place, like a safe under lock and key. Additionally, you should only allow access to these files and archives to people you explicitly authorize and trust. In turn, make sure individuals with access are contractually obligated to keep sensitive information strictly confidential.

Data Portability

We all expect changes in the business landscape, especially when running an online business. Keeping up to date with the latest trends and security technology is an absolute must. Therefore, if at any point you feel like your old payment gateway is not able to keep up with your changing business, or changing security standards, then you must consider changing it. For that, you will need someone to make a secure transfer of sensitive data, like customer credit card information, from one gateway to another.

At Blue Payment Agency, we can help you move your customer data securely from one gateway to the NMI Vault. We can also help you with merging your merchant accounts under a single payment gateway. This will make managing your merchant accounts easier and ensure the security of your sensitive data.

For more information on any of the above methods and how Blue Payment Agency can help, call us today at 844-253-9769 or contact us on our website.


Grow Your Business With Multiple Merchant Accounts and ClickFunnels

One of the first things you need to do when starting a ClickFunnels business is deciding on a merchant account. Merchant accounts are essential to succeeding in any endeavor, but they are especially vital in the growing world of e-commerce. Without a merchant account, you can’t process credit card payments. If you are still trying to establish a merchant account, or if you are in need of merchant services for a high risk business, there are plenty of options.

Read more


Why You Should Use an Encrypted Keypad With Your Virtual Terminal

With the introduction of virtual terminals, credit card processing has never been so easy. As long as you have an internet connection and a device like a computer or phone, you can make a sale and accept payments. However, with every convenience comes a vulnerability. If a virtual terminal, or any other payment software, is not protected by added security with point-to-point encryption, like an encrypted keypad, then you are unintentionally compromising your client’s payment information.

Read more


Top 3 Best Payment Gateway Options You Didn’t Know Existed

Your payment gateway is one of the keys to your e-commerce business’ success. Although many merchants who use gateways are not entirely sure what they do, we can assure you that your e-commerce business cannot survive without one. Payment gateways are essentially online versions of the point-of-sale terminals at brick and mortar shops. They authorize card payments, process refunds, and void electronic transactions. Since gateways are often a mystery to their users, many merchants don’t realize that they could be missing out on three payment gateway options that can not only protect their merchant account, but increase their business volume and profitability as well.

Read more


NMI and the Top 4 Reasons Why You Should Use Multiple Merchant Accounts

For merchants selling different kinds of products, multiple merchant accounts are a necessity. If your product offerings remain within a specific category, like selling different types of nutritional supplements, then you may operate different sales funnels under the same merchant account. On the other hand, if you offer different product types, like selling supplements and clothing items, then using multiple merchant accounts is wise. A good rule of thumb is that if your products have different Standard Industrial Classification (SIC) codes, then you need a separate merchant account for processing the payments of each product.

There are numerous reasons why multiple businesses can’t operate under the same merchant account. Here is a quick rundown of why these accounts are necessary.

Read more