PCI DSS – Storing Card Information

More and more of you are contacting me regarding PCI DSS compliance. In short my advice is to stop storing card details within Move Administer, even though the details are now encrypted. If you want the details removed from existing records then just ping me an email as I have built a simple clearing process into User Administer. However, one common question is whether or not to remove the card information from Acceptance forms? Having spoken with First Data last week it would seem that you can indeed request card information on your Acceptances, the issue is how the card information is kept once processed, because the card information should be disposed of, however, you don’t want to lose your Acceptance? The solution – well there are two actually, either ask for card information on a separate sheet, or move the card section to the very foot of your Acceptance which can then be cut away. Both solutions would then offer the safe disposal of card information once processed.