Here are a few simple guidelines:
• Never email credit card numbers or request your customers provide their credit card
number by email
• Ensure that you process eCommerce transactions with security codes (CVV2/CVC2),
but do not store these codes after they have been authorised
• Keep cardholder data storage to a minimum, only what is necessary for business or
legal needs
• Once a transaction is processed, obscure all digits except the first 6 and
last 4 digits of the Credit Card Number (e.g. 1234 56XX XXXX 7890) on all paper
and electronic records
• Store cardholder data in a secure environment with strict controls and
restricted access
• Use strong passwords which are changed at least every 90 days for all administrator
roles and users with access to your customer’s card details
• Avoid storing cardholder data on PCs, laptops or mobile phones
• Do not store your customer’s card details online or unencrypted on your computer
• Securely dispose of cardholder data as soon as its use has expired. PCI DSS
recommends shredding, pulping, incinerating or other methods which make it
impossible to reconstruct the cardholder data. ANZ requires you keep transaction
records for 30 months minimum.
Under no circumstances should sensitive information be stored; this information
includes security codes (CVV2, CVC2), PIN or magnetic stripe data.
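The truncation rule above (keep only the first 6 and last 4 digits) as an added Python example; this is not ANZ's or the PCI SSC's code. It masks a card number to the stated format and also scans a free-text record (a log line, email body or order note) for Luhn-valid card numbers so a full PAN that has leaked into such a record can be found and truncated; the candidate-number pattern and the sample record are assumptions, and the sample uses the widely published test number 4111 1111 1111 1111 rather than real data.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
# (Assumed pattern; tune it to the record formats you actually scan.)
_PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check, used to cut false positives (order refs, phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Mask a PAN to its first 6 and last 4 digits, regrouped in blocks of four,
    e.g. 1234 56XX XXXX 7890. Spaces/hyphens in the input are ignored."""
    digits = re.sub(r"[ -]", "", pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("expected a 13-19 digit card number")
    masked = digits[:6] + "X" * (len(digits) - 10) + digits[-4:]
    return " ".join(masked[i:i + 4] for i in range(0, len(masked), 4))


def redact_pans(text: str) -> tuple[str, int]:
    """Replace every Luhn-valid card number in a free-text record (log line,
    email body, order note) with its masked form. Returns (new_text, count)."""
    count = 0

    def _sub(m: re.Match) -> str:
        nonlocal count
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_valid(digits):
            return m.group(0)  # not a card number: leave it untouched
        count += 1
        return mask_pan(digits)

    return _PAN_RE.sub(_sub, text), count


# Constructed sample record (test card number, not real data) with one 16-digit
# reference that is not Luhn-valid and must survive the scan unchanged.
SAMPLE_RECORD = ("order 8837 paid with card 4111 1111 1111 1111; "
                 "ref 1234567890127890; CVV not retained")

if __name__ == "__main__":
    print(redact_pans(SAMPLE_RECORD))
```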
The following sources provide guidance on card data storage:
• Refer to the General Conditions, ANZ Merchant Services Section 14 for ‘Information
collection, storage and disclosure’.
• For more information, visit the PCI Security Standards Council website at
https://www.pcisecuritystandards.org/index.shtml