Can I store my users' credit card's expiration date & last 4 digits? The reason for this is so we can notify the user that their card is about to expire and that they should change their account over to their new card. Storing the last four digits will allow the user to identify which card they have stored with our system.
You should store paper documents with credit card numbers locked in a secure place, such as a safe, when not in use, and restrict access. Electronic storage of credit card numbers is also standard if, for example, you perform recurring transactions.
To store credit card information on paper, you must cross out the security code with a dark pen so that it is unreadable, after completing the transaction and before storing the paper authorization form.
PCI DSS requirement 4.2 states that credit card information must not be captured, transmitted, or stored via email.
The credit card number must be filed in a secure location, in a safe or under lock and key. Credit card numbers must not be stored electronically, i.e. in a spreadsheet, database, or anywhere on a computer and/or network. Once the customer relationship is finished, the credit card number should be cross-shredded.
There's a whole set of rules about what you can and cannot store; Google for PCI compliance. However, in short, yes, the expiration date and last 4 would be OK to store. The huge no-no is storing the CID number (number on the back of the card), but there are many other rules too.
Edit: This is based on the US rules.
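The design the question asks about, as an added example that is not part of the original question or answer: captured card data is reduced to the last four digits and expiration date before anything is persisted, and the expiry reminder is computed from that record alone. The names `StoredCard`, `to_stored_card`, `expiring_soon` and `reminder_text`, the 30-day notice window, the length bounds and the sample card number are all assumptions constructed for illustration.

```python
import calendar
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class StoredCard:
    """The only card fields this example persists: last 4 digits and expiry."""
    last4: str
    exp_month: int
    exp_year: int

    def last_valid_day(self) -> date:
        # Assumption: the card is usable through the last day of its expiry month.
        day = calendar.monthrange(self.exp_year, self.exp_month)[1]
        return date(self.exp_year, self.exp_month, day)


def to_stored_card(pan: str, exp_month: int, exp_year: int, security_code: str) -> StoredCard:
    """Reduce captured card data to the storable subset.

    The full number and the security code are only validated here; neither
    is copied into the returned record, so neither can reach the database.
    """
    digits = pan.replace(" ", "").replace("-", "")
    # Length bounds are an assumption of this example, not a rule from the page.
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("card number must be 13-19 digits")
    if not security_code.isdigit() or len(security_code) not in (3, 4):
        raise ValueError("security code must be 3 or 4 digits")
    if not 1 <= exp_month <= 12:
        raise ValueError("expiry month must be 1-12")
    return StoredCard(digits[-4:], exp_month, exp_year)


def expiring_soon(cards, today: date, notice_days: int = 30):
    """Return cards that are still valid but expire within notice_days."""
    cutoff = today + timedelta(days=notice_days)
    return [c for c in cards if today <= c.last_valid_day() <= cutoff]


def reminder_text(card: StoredCard) -> str:
    return (f"Your card ending in {card.last4} expires "
            f"{card.exp_month:02d}/{card.exp_year}. Please update your account.")


if __name__ == "__main__":
    # Constructed sample input: a well-known test card number, not a real card.
    card = to_stored_card("4111 1111 1111 1111", 2, 2028, "123")
    print(reminder_text(card))
```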