Storing Card Details


We do not recommend that you store card details inside a client record.


Data security guidelines for storing card details is very strict for example -  under PCI DSS (Payment Card Industry Data Security Standard) law you cannot store the last 3 digits of a card and you would not be covered here if you chose to do this.  


We do not provide any protection if you choose to store card or sensitive information inside your CRM account. 


Also, if you use temporary users/staff from time to time, giving them access to your CRM account, should this information get in the wrong hands it would pose a security risk to you and your clients. 

 

Best Practice:


Manual Payments

Process card payment at the time face to face with your client or by phone then destroy the card information once the card has been processed, keeping the card receipt and providing a copy to your client and copy for you to process with your bank.  No card information should be stored outside of this for security reasons.

 

Online Payments

This is a great way of doing recurring card payment as merchant accounts will allow you to store the card details here in a highly secure area only exposing out the last 4 digits of the card details so each month you can simply re-process the card payment.  


Please be sure to get the clients permission for recurring card payment.