Protecting customer transaction information

Fraudsters can illegally access customer cardholder data through computers used to process transactions. When you accept credit cards, you will be handling or transmitting card and cardholder details that are highly confidential. Here are some of the things you must do to keep that information safe.

Always:

- Ensure that any card information you store or transmit across the internet/other networks is encrypted and compliant in accordance with the Payment Card Industry Data Security Standard (PCI DSS)
- Ensure that information you store is only accessible to people who are authorised to manage or view that data
- Store any records containing information, such as copies of offline paper vouchers, in a secure place only accessible by authorised people
- If you need to dispose of card or customer data, ensure it is unreadable and all documents shredded
- Ensure that you have the latest version of third party applications, browsers and shopping carts
- Consider hosted payment options from a PCI DSS compliant gateway
- If you use another business partner, other than the Bank, to help you manage cardholder data, make sure they are PCI DSS compliant. You can check this by clicking on one of these links. Select based on the business partner being either a Visa service provider or a MasterCard service provider

Never:

- Disclose or share any card information without a justifiable business reason
- Request, use or store a card number for any purpose that is not related to a transaction
- Process a card through any card reading device not authorised by us
- Ask for a cardholder's PIN
- Store or collect a cardholder's CVV/CVC
- Require the cardholder to complete postcards or other forms that would result in account data being in plain view when mailed
- Require the cardholder to provide their CVV or PIN on any written form