Here at Secure Records Solutions, security is something we take very seriously – it’s right there in our name. All that we do – from shredding to storing to indexing – is done with unwavering adherence to the highest security standards of our industry. Our primary tasks in handling records aren’t the only places we look to set the bar high. Recently, we underwent a process to ensure our compliance with PCI standards for handling customer credit card information. This process, piloted by our business manager Lisa Leabo, allows us to handle credit card information for convenient client transactions with the same level of industry-leading security we offer their data and records.
PCI here is short for the Payment Card Industry Data Security Standard (PCI DSS). PCI isn’t connected to any governing body; it’s a standard created by the major credit card companies that ensures secure transactions wherever their cards are used.
How Does It Work?
Our move towards PCI compliance was made easier, Lisa says, by first partnering with a third-party credit card processing company like Stripe. Stripe provides the software to handle the secure transactions. PCI compliance requires that certain credit card information be stored but not visible. It also requires that certain information, like CVV codes, be destroyed after every use. Stripe’s software automatically handles all input credit card information in accordance with these requirements. At the beginning of a transaction, Stripe’s software will display only the last four digits of a card to the SRS team member who has clearance to input customer payments into the system. This allows them to choose the correct card without the entire card number being displayed. The software stores the entire card number, but only displays the last four digits, and never stores the CVV.
PCI compliance also means attending to variables outside of what’s handled by your payment processing software. At SRS, we adhere to those requirements by using encrypted communication methods for credit card transactions. We also limit the number of employees cleared to use payment processing software. (Across our team, only a few senior members may process credit card transactions. If a salesperson wants to process a client’s credit card payment, they must seek assistance from a team member cleared to process the payment.) We’ve also implemented testing protocols that adhere to PCI standards. The bulk of testing is conducted at yearly intervals by third-party IT specialists. They ensure that all protocols are routinely followed and all software is up to date and performing as it should.
How Does It Make a Difference?
Our move towards PCI compliance has increased our ability to serve our clients through more convenient and secure payment processes. It allows us to achieve so much more than just an improved customer experience. Through staying in step with PCI compliance requirements, we’ve found another way to ensure data and information security. We believe all businesses should strive towards PCI compliance to eliminate liability and the chance of a harmful data breach. Your clients can rest assured their credit card information is always secure.
A governing body doesn’t enforce PCI compliance. This means the motivating factor for businesses centers on prioritizing information and data security and on being the type of business customers can trust. We think this is something all businesses should strive for, and we’re proud to lead by example. That is especially so, Lisa says, when employing the right technology and crafting a few simple rules for in-house compliance makes the transition to PCI compliance too simple not to invest in. Consider the rewards of decreased liability and increased customer information security.
If you’re a customer or fellow business interested in learning more about our PCI compliance journey, we’re always available to help. Contact us anytime to learn more about PCI compliance and other methods we use to provide the best in data and record security to our customers.