Running a business can give you access to some of the most private and sensitive information of your customers, including their credit cards. While it is not illegal for businesses to retain credit card information, several watchdog groups and government agencies advise against the practice to avoid customer information being compromised.

Reasons Businesses Retain Credit Card Data

How Credit Information is Stored

PCI Securities Standards Council

Violating PCI Policies

Ramifications of Breach

If you are determined to keep copies of credit cards in your office, you should be aware that, as a business owner, you open yourself up to a wide array of issues. They may not land you in jail, but they can cause you to lose your business. If it is found that you were negligent in protecting your customers’ credit card information by making copies of it and not securely storing it, you will face fines and penalties from the credit card companies. They may even terminate their contract with you. If a customer’s credit card information is stolen because you had it in an unsecured office, that customer can sue you. You will then have to face hefty legal costs, judgments and/or settlements.

Rule of Thumb

If you worry about the legal issues that can arise if a customer’s credit card information is breached because you have copies of the information stored in your office, you should probably abandon that practice. The Federal Trade Commission notes that you should not retain the account number and expiration date unless you have an essential business need to do so because keeping this information, or keeping it longer than necessary raises the risk that the information could be used to commit fraud or identity theft.