We're considering doing what other Websites do with payment processing by asking for a credit card number, expiration...
date and CVV. Is this safer for customers and/or advantageous for PCI credit card compliance requirements if we collect less data?
While it’s always advantageous to collect as little personally identifiable information (PII) as possible, this won’t change your compliance obligations. Every merchant and service provider involved in the processing of credit card transactions must comply with Payment Card Industry Data Security Standard (PCI DSS) requirements.
Ask the Expert!
Got a vexing compliance problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
The most stringent PCI DSS requirements surround sensitive cardholder information, or the storage and use of credit card account numbers, CVV codes and track data retrieved from the magnetic strip on the back of the card (which obviously does not apply to the e-commerce transactions you describe).
Consequently, the one thing you may wish to consider in terms of improving your customers’ safety and your compliance with PCI DSS requirements is your storage of this data. If you’re able to receive the data, process the transaction, and discard the data without storing it on your systems, you’ll be able to simplify your compliance efforts. If you never store the data, you don’t need to worry about encrypting it or safeguarding the locations where sensitive credit card data is stored.
When you look at the issue from a customer safety perspective, it’s certainly true that the less data you collect and store, the better. The more complete a picture of your customers that identity thieves are able to obtain, the more damage they’ll be able to do. However, you’ll need to balance this minimalist approach with your organization’s business requirements.
Dig Deeper on PCI Data Security Standard
Related Q&A from Mike Chapple
The PCI SSC extended the deadline for organizations to update TLS encryption standards before announcing PCI DSS 3.2. Expert Mike Chapple examines ...continue reading
Biometric security systems come with many advantages, but do they also come with many regulations? Expert Mike Chapple discusses biometric ...continue reading
A recent FTC lawsuit against Wyndham Hotels highlighted concerns for enterprises that have suffered a data breach. Expert Mike Chapple discusses the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.