If you are accepting credit cards for payment, the next question is, “Are you PCI compliant?” PCI DSS (Payment Card Industry Data Security Standard) is a set of information security requirements enforced by the major card brands: American Express, Visa, MasterCard and Discover. By following these standards, your company reduces the risk of exposing cardholder data.
The PCI Security Standards Council encourages all businesses that store payment account data to follow PCI DSS to lower their financial risk. However, it is your responsibility to make sure that you are doing all that you can to keep your customers’ payment card data safe and to protect against a breach.
In the past, companies could keep customer or patient credit card payment information on digital or source documents. The rules on storing the source document have changed, however: it may no longer show all 12-16 digits of the credit card number. Businesses are now required to reveal only the first six and last four digits of a customer’s credit card number on file. It is now the organization’s responsibility to update those files and redact the credit card number, or at a minimum leave only the last four digits.
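The redaction step described above, as an added example that is not part of the original article: it scans a stored document for card numbers and rewrites each one to the first six and last four digits, or to the last four only. The Luhn mod-10 check, the sample document and its publicly known test card numbers are assumptions added here so that other long numbers (invoice ids and the like) are left alone.

```python
import re

# Constructed sample of a stored "source document" holding full card numbers.
# The card numbers are publicly known test PANs, not real accounts.
SAMPLE_DOCUMENT = (
    "Patient: J. Doe\n"
    "Card on file: 4111 1111 1111 1111 exp 12/26\n"
    "Backup card: 5500-0000-0000-0004\n"
    "Invoice 123456789012 total 125.00\n"
)

# Candidate PAN: 12 to 16 digits, optionally separated by single spaces or hyphens.
PAN_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){11,15}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check (assumed here): issued PANs pass it, so it filters out
    invoice or phone numbers that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str, keep_first_six: bool = True) -> str:
    """Mask a PAN to first six + last four (default) or to last four only."""
    if not 12 <= len(digits) <= 16:
        raise ValueError("PAN must be 12-16 digits")
    head = digits[:6] if keep_first_six else ""
    return head + "*" * (len(digits) - len(head) - 4) + digits[-4:]


def redact_document(text: str, keep_first_six: bool = True) -> str:
    """Replace every Luhn-valid PAN in text with its masked form; other numbers stay."""
    def _sub(match):
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)   # not a card number: leave untouched
        return mask_pan(digits, keep_first_six)
    return PAN_PATTERN.sub(_sub, text)


if __name__ == "__main__":
    print(redact_document(SAMPLE_DOCUMENT))
    print(redact_document(SAMPLE_DOCUMENT, keep_first_six=False))
```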