
Best Practices for Managing Credit Card Data Online

Written by Miva | Dec 17, 2013

Protecting your customers' information is a duty you take on the moment you decide to accept orders online, so it is important to be able to reassure customers that their sensitive data is safe with you. Protecting your customers also protects your ecommerce business.

Credit card security in ecommerce is not a matter to be taken lightly or treated as an afterthought. Most online retailers don't realize that approximately 80% of data breaches occur at small businesses, and that 70% of those small businesses are forced into bankruptcy soon afterwards when credit card data is stolen because the business was not adhering to the PCI DSS. Card brands can fine ecommerce businesses up to $5,000 per breached account.

There are several best practices that help prevent ecommerce fraud and keep your site safe. Protect the payment data your store holds with the following practices, which follow the PCI DSS requirements:

  1. Enable encryption in your store. Once encryption is enabled, payment information on new orders is encrypted as it is stored.
  2. Encrypt existing payment information. Enabling encryption does not retroactively protect data that was stored earlier, so if you have older orders holding unencrypted payment information, you must encrypt the payment information on those orders as well.
  3. Delete payment information from orders. The PCI DSS places several requirements on when payment information must be deleted:
  • It is never acceptable to hold unencrypted credit card numbers in your database, even temporarily.
  • Do not keep credit card data longer than you need it. The PCI standards let you retain card data to cover your return policy, or if you sell custom products that are paid for in installments, but you must delete it once you no longer need it to process or refund an order.
  • Under no circumstances should payment information remain in your database for more than one year.
  • Never store full magnetic stripe (track) data or the card security code (CVV2/CVC2), even encrypted; this sensitive authentication data may not be retained after authorization.
  • All payment information that remains in your database must be encrypted at rest.
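The three steps above, as an added worked example that is not Miva's code and does not show how Miva Merchant or its Encryption Key Wizard works internally: a small Go program with a hypothetical PaymentRecord type (its fields and the fixed demo key are assumptions) that seals card numbers with AES-GCM bound to the order ID, migrates legacy plaintext rows, refuses to persist the CVV, and purges card data past a one-year retention window while keeping only the last four digits for display.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// PaymentRecord is a hypothetical order row; the layout is an assumption, not Miva's schema.
type PaymentRecord struct {
	OrderID   string
	PAN       string // plaintext card number; must be empty once stored
	PANCipher []byte // nonce || AES-GCM ciphertext of the PAN
	Last4     string // safe to display
	CVV       string // sensitive authentication data; must never be persisted
	CreatedAt time.Time
}

var ErrCVVStored = errors.New("refusing to persist CVV/CVC")

// Vault holds the store's data-encryption key (in production: an HSM or KMS, never the database).
type Vault struct{ aead cipher.AEAD }

func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Vault{aead: aead}, err
}

// Encrypt seals the PAN under a fresh nonce and binds it to the order ID as
// associated data, so a ciphertext copied onto another order will not open.
func (v *Vault) Encrypt(orderID, pan string) ([]byte, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return v.aead.Seal(nonce, nonce, []byte(pan), []byte(orderID)), nil
}

// Decrypt recovers the PAN; it fails on a tampered blob or a mismatched order ID.
func (v *Vault) Decrypt(orderID string, blob []byte) (string, error) {
	n := v.aead.NonceSize()
	if len(blob) < n {
		return "", errors.New("ciphertext too short")
	}
	pt, err := v.aead.Open(nil, blob[:n], blob[n:], []byte(orderID))
	return string(pt), err
}

// Store is step 1: a new order is written encrypted, the plaintext is discarded, and the CVV is rejected.
func (v *Vault) Store(rec *PaymentRecord) error {
	if rec.CVV != "" {
		return ErrCVVStored
	}
	if l := len(rec.PAN); l < 13 || l > 19 {
		return errors.New("PAN length out of range")
	}
	ct, err := v.Encrypt(rec.OrderID, rec.PAN)
	if err != nil {
		return err
	}
	rec.PANCipher, rec.Last4, rec.PAN = ct, rec.PAN[len(rec.PAN)-4:], ""
	return nil
}

// EncryptExisting is step 2: migrate legacy rows that still hold a plaintext PAN.
func (v *Vault) EncryptExisting(recs []*PaymentRecord) (int, error) {
	n := 0
	for _, r := range recs {
		if r.PANCipher != nil || r.PAN == "" {
			continue
		}
		if err := v.Store(r); err != nil {
			return n, fmt.Errorf("order %s: %w", r.OrderID, err)
		}
		n++
	}
	return n, nil
}

// Purge is step 3: past the retention window, drop the card data (encrypted or not), keeping Last4.
func Purge(recs []*PaymentRecord, now time.Time, retention time.Duration) int {
	n := 0
	for _, r := range recs {
		if (r.PANCipher != nil || r.PAN != "") && now.Sub(r.CreatedAt) > retention {
			r.PANCipher, r.PAN = nil, ""
			n++
		}
	}
	return n
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed demo key; real keys come from a KMS
	v, _ := NewVault(key)
	// Constructed legacy row using a standard test card number, 14 months old.
	orders := []*PaymentRecord{{OrderID: "1001", PAN: "4111111111111111", CreatedAt: time.Now().AddDate(0, -14, 0)}}
	n, err := v.EncryptExisting(orders)
	fmt.Println("migrated:", n, err, "purged after one year:", Purge(orders, time.Now(), 365*24*time.Hour))
}
```

Binding the order ID as GCM associated data is the detail worth copying: it means an attacker with write access to the table cannot swap an encrypted card number from one order onto another and have the store decrypt it for a refund to the wrong card.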

To address this extremely important need, we have put together a comprehensive Credit Card Security and Encryption Guide for Ecommerce Retailers. The guide covers how to secure credit card data end to end, from managing credit card data in the Miva Merchant admin interface to processing existing orders with the Encryption Key Wizard.