The majority of credit card fraud cases originate from credit card information given willingly. In some cases, an employee sells the information. In others, the information is stolen. Both cases underscore the importance of keeping credit card records secure in your business. For businesses that run credit cards solely at point of sale, this isn't a concern, because full credit card information never stays at your business. Some businesses, though, need to keep credit card data on file for recurring bills or to manage deposits. In these cases, appropriate security is a must.
Keep credit card information on a single sheet of paper, preferably attached to the folder where you keep the customer's file.
Keep a list of names for files that include credit card information. Periodically check it against the physical files to confirm that none are missing.
Store files in a locking cabinet kept in a safe place. A locked office is good, but a busy desk space is often better. Someplace with limited access but many eyes, such as the reception desk, is best. Only managers or other trusted personnel should have access to the keys.
Access a file only when directly interacting with it, such as to enter credit card information for that month's purchase. Return it directly to the file cabinet once finished. Keep the cabinet locked while working with the file.
Consider entering credit card information in code, such as by reversing the second and fourth blocks of digits. Because credit card numbers are formatted according to specific rules, most codes a person can remember will be broken by professionals. However, this measure will serve to discourage casual temptation.
Keep all files containing credit card information under a password-protected user account with administrator privileges. Keep the computer itself locked in place. Do not store credit card information on a laptop, flash drive or other easily portable storage device.
Password-protect the accounting and billing software that stores or interacts with credit card information. Use different passwords from the one that protects the user account.
Safeguard the passwords and technical specifications of your accounting software, restricting access to only those who need to access the information. This may mean limiting the number of people who are able to do certain jobs.
Consider online processing services, many of which will allow direct billing. Direct billing services can be set up so that only the computer can access actual credit card information. The transaction goes through without even the user seeing the entire credit card number.
Take credit card information very seriously. If your files are compromised and used to commit identity theft, or even sold to a direct mailing company, your company can be found liable for damages.