Keeping this vital information secure
Cardholder and transaction information needs to be stored, processed or transmitted securely. This includes:
- Card number
- Card expiry date
- Personal Identification Number (PIN). This must only be taken from cardholders when they use the PIN pad connected to your POS terminal or system
- Passwords or pass phrases
- Digital certificates
- Biometric authentication mechanisms – and any other information used to authenticate a card payment transaction
- Card security code (the last three digits on the signature strip). This may not be stored under any circumstances
- Customer name
- What they bought
- How much it cost – and any other details obtained in a card payment that could identify individual customers and their purchases
What you need to do
You must have the right operational and technological processes and procedures in place. These help safeguard personal information against unauthorized access, processing or disclosure.
You must use the most up-to-date technologies to protect the personal information collected or stored on your website or systems.
Especially sensitive or valuable information, such as financial data, should be protected by reliable encryption.



