#1 Encrypt credit card numbers with the strongest possible encryption - AES-256 is the current standard #2 Do **NOT** store CVV codes. This is a HUGE no-no, and will cost not only your merchant account, but large fines as well #3 Display/print only the last 4 digits of the card number
If you can avoid storing card numbers, do so. Storing them puts you inside PA-DSS scope, and subjects you to liability and audits. If you're doing credit card authorization via a gateway from your UV software, consider using one of the payment gateways that supports Managed Payer Data. With MPD, you don't store a card number, rather you store a "token" that is returned by the gateway when you first authorize a specific card. You can save the token, and re-use it for future transactions. Larry Hiscock Western Computer Services -----Original Message----- From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Mike Dallaire Sent: Friday, January 15, 2010 2:07 PM To: 'U2 Users List' Subject: [U2] Credit Card info Hi all, We are looking for any thoughts on storing credit card information in UniVerse for our customers. Up until now we have not stored this information and we welcome any thoughts, helpful tips, etc. on doing so. We have already decided we will encrypt the stored data, but there are other issues such as printing of the data, etc. Keep in mind we provide the software, our customers are using and controlling the data. Thanks in advance for any info. Mike Michael Dallaire Senior Applications Developer IBM Certified Solutions Expert Mortgage Builder Software, Inc. mi...@mortgagebuilder.com Main: 800.850.8060 ext. 103 Fax: 248.304.0601 www.mortgagebuilder.com Help Desk198 Confidentiality Notice This transmission may contain confidential information which is intended for the exclusive use of the intended recipient. Any disclosure, copying, distribution or use of the contents by anyone other than the intended recipient is strictly prohibited. If received in error, please reply to the sender immediately _______________________________________________ U2-Users mailing list U2-Users@listserver.u2ug.org http://listserver.u2ug.org/mailman/listinfo/u2-users _______________________________________________ U2-Users mailing list U2-Users@listserver.u2ug.org http://listserver.u2ug.org/mailman/listinfo/u2-users
