
Running a business can give you access to some of the most private and sensitive information of your customers, including their credit cards. While it is not illegal for businesses to retain credit card information, several watchdog groups and government agencies advise against the practice to avoid customer information being compromised.
Reasons Businesses Retain Credit Card Data
How Credit Information is Stored
PCI Securities Standards Council
Violating PCI Policies
Ramifications of Breach
If you are determined to keep copies of credit cards in your office, you should be aware that, as a business owner, you open yourself up to a wide array of issues. They may not land you in jail, but they can cause you to lose your business. If it is found that you were negligent in protecting your customers’ credit card information by making copies of it and not securely storing it, you will face fines and penalties from the credit card companies. They may even terminate their contract with you. If a customer’s credit card information is stolen because you had it in an unsecured office, that customer can sue you. You will then have to face hefty legal costs, judgments and/or settlements.
Rule of Thumb
If you worry about the legal issues that can arise if a customer’s credit card information is breached because you have copies of the information stored in your office, you should probably abandon that practice. The Federal Trade Commission notes that you should not retain the account number and expiration date unless you have an essential business need to do so because keeping this information, or keeping it longer than necessary raises the risk that the information could be used to commit fraud or identity theft.
References
- Federal Trade Commission: Protecting Personal Information, A Business
- PCI Security Standards Council: Customers worry about theft of their data.You should worry about business fallout
- "Are you keeping credit card information safe? Maybe not — if you keep it on file;"
- PCI Security Standards: About the PCI Security Standards Council
- Federal Trade Commission. "Warning Signs of Identity Theft." Accessed March 17, 2020.
- Federal Trade Commission. "Equifax Data Breach Settlement." Accessed March 17, 2020.
- Federal Bureau of Investigation. "Scams and Safety—Skimming." Accessed March 17, 2020.
- Federal Trade Commission. "Tips for Using Public Wi-Fi Networks." Accessed March 17, 2020.
- Federal Trade Commission. "How to Spot, Avoid and Report Tech Support Scams." Accessed March 17, 2020.
- Federal Trade Commission. "How to Recognize and Avoid Phishing Scams." Accessed March 17, 2020.
- Federal Trade Commission. "Protecting Against Credit Card Fraud." Accessed March 17, 2020.
- Federal Trade Commission. "The Dark Web: What Your Business Needs to Know." Accessed March 17, 2020.
- Federal Bureau of Investigation. "Credit Card Cloners Stole Thousands." Accessed March 17, 2020.
- Federal Trade Commission. "Lost or Stolen Credit, ATM, and Debit Cards." Accessed March 17, 2020.
- Discover. "Report Lost or Stolen Card." Accessed March 17, 2020.
- Capital One. "I Need a Replacement Credit Card." Accessed March 17, 2020.
- Federal Trade Commission. "How to Keep Your Personal Information Secure." Accessed March 17, 2020.
Resources
Writer Bio
Valerie Fox is a business reporter and editor specializing in consumer affairs and debt management. She has been a writer since 1994, also covering politics, housing and the stock and bond markets. Fox has written for Cox, Gannett and Knight-Ridder newspapers. She holds a Bachelor of Science in economics from the University of Florida.