To be honest, you should read the PCI data security guidelines from Visa instead of asking in here. It's available from the Visa web site, along with the current interchange rates. You can also talk to the guys @ Total Computing.
Examples of a few data restrictions: 1) You can only store the CVV2/CID for as long as the order is open. Once the "transaction" is completed fully you must destroy it from all storage locations. (This includes e-mails, print-outs, etc) 2) You can only show the last 4 digits of the card on reports and such. 3) You _must_ encrypt the card data. If you have a high volume of credit card transactions (used to be > $1million month, not sure this year) then you may be included in the random audit list. If you can afford to use a remote payment vault center, then by all means do so. You will only be liable for the data when you first transmit it to the vault for storage. From then on, you just refer to a unique ID to process the card over and over again until you decide to dump it. The CVV2 code is still transmitted for each transaction, though since it can't be stored. The PCI requirements are getting horrendous and annoying at this point. Yet fraud still hasn't gone down. I could go on and on about the faults within and surrounding the card industry, but we'd be here all day. ---------------------------------------- Glen Batchelor IT Director All-Spec Industries phone: (910) 332-0424 fax: (910) 763-5664 E-mail: webmas...@all-spec.com Web: http://www.all-spec.com Blog: http://blog.all-spec.com ---------------------------------------- > -----Original Message----- > From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users- > boun...@listserver.u2ug.org] On Behalf Of Mike Dallaire > Sent: Friday, January 15, 2010 5:07 PM > To: 'U2 Users List' > Subject: [U2] Credit Card info > > Hi all, > > We are looking for any thoughts on storing credit card information in > UniVerse for our customers. Up until now we have not stored this > information and we welcome any thoughts, helpful tips, etc. on doing so. > We > have already decided we will encrypt the stored data, but there are other > issues such as printing of the data, etc. > > Keep in mind we provide the software, our customers are using and > controlling the data. > > Thanks in advance for any info. > > Mike > > Michael Dallaire > Senior Applications Developer > IBM Certified Solutions Expert > Mortgage Builder Software, Inc. > mi...@mortgagebuilder.com > Main: 800.850.8060 ext. 103 > Fax: 248.304.0601 > www.mortgagebuilder.com > Help Desk198 > Confidentiality Notice > This transmission may contain confidential information which is intended > for > the exclusive use of the intended recipient. Any disclosure, copying, > distribution or use of the contents by anyone other than the intended > recipient is strictly prohibited. If received in error, please reply to > the > sender immediately > > > _______________________________________________ > U2-Users mailing list > U2-Users@listserver.u2ug.org > http://listserver.u2ug.org/mailman/listinfo/u2-users _______________________________________________ U2-Users mailing list U2-Users@listserver.u2ug.org http://listserver.u2ug.org/mailman/listinfo/u2-users
