
Eliminating Storage of Sensitive Cardholder Data During Point of Sale Transactions

Ray Moorman

As a business owner, your customers put a lot of trust in you. They trust that you’ll protect their sensitive data and it’s your job—for the sake of your business and your reputation—to do so. Here are some technologies that eliminate or reduce the storage of sensitive cardholder data during point of sale transactions.

Technologies that protect cardholder data

No matter your company’s sensitive data storage needs, consider using a combination of the following technologies that reduce or eliminate storage of sensitive payment data:

  • Tokenization. This technology changes the card number to a randomly generated “token” as soon as it enters the POS terminal. The token then travels across the network, to be decoded only by the payments processor. So, even if a fraudster intercepts the information, the token is useless and cannot be used in fraudulent transactions.
  • Encryption. This technology uses a complex algorithm to transform the card number and other sensitive cardholder data into a non-readable string of text called a “ciphertext.” This ciphertext can only be decoded using a special key, to which only your payments processor has access.
  • Firewalls. Firewalls serve as an additional layer of protection between your systems and the Internet. Having a strong firewall in place may mean the difference between your systems being vulnerable or being protected from a data breach.

Best practices for handling sensitive data

Whenever possible, we recommend not storing sensitive cardholder data on your systems—but in reality, sometimes you need access to that information in the future for returns, chargebacks or even recurring transactions. Here are some tips on how to secure customer data on your systems:

  • If you have devices that collect sensitive data—such as PIN pads—make sure you secure them so that potential hackers can’t tamper with them. What’s more, take regular inventory of these items so you know that criminals haven’t switched out such devices.
  • Publish a clear, written records retention policy that applies across the board to all employees, contractors and vendors of your company. This policy should include details on:
    • What information must be kept
    • How to secure that information
    • How long that information needs to be kept
    • How to destroy that information securely when your company no longer needs access to it
  • Check the default settings on all software and devices that gather credit card data and process transactions. Sometimes, such software defaults to storing sensitive data permanently—which can be highly dangerous to your business and is very rarely necessary. Change the data storage setting to align with the needs of your records retention policy, outlined above.

For more information like this, the Trade Commission has published a very helpful guide about protecting personal information. Check it out today to learn more about the importance of protecting your customers’ data.
