May I have your credit card number please?
Credit Card numbers on sticky notes…An eCommerce success story
I’ll never forget one of my first visits to a new client. As
I looked around their office I saw credit card numbers, along with customer names, written
on sticky notes which were posted in plain sight on several workstations. I tried to restrain myself
when I asked about these publicly displayed numbers, then discovered that the
employees were attempting to do what merely worked at the time…
The employees would take a customer phone call and gather the
customer’s information for a payment. They would then collect these payment
slips over a period of time (usually several hours) until the afternoon when
the employee could make their way to the company’s single POS (point of
sale) credit card machine to enter the payment. Risky? Heck yeah.
WHAT IF a dishonest or dissatisfied employee decided to help
themselves to the credit card number of a customer?
WHAT IF a visitor copied or took one of the sticky notes?
WHAT IF a cleaning service or other individual rummaged
through the trash for non-shredded notes?
And WHAT IF the company was fined by VISA or Mastercard for
this breach of safety for their customer data?
I’m sure the client wasn’t being malicious about their
handling of this sensitive information, this just happened to be a solution that
worked for them, and they weren’t aware of just how risky this behavior was.
I’m pleased to say that I’ve worked with this client since to ensure they
are following the Payment Card Industry Data Security Standard (PCI DSS)
requirements. These requirements are designed to ensure that all companies that
process, store or transmit credit card information maintain a secure
I started by creating a payment system where employees could
use their secure intranet to enter payments as needed. Now when customers call, employees can quickly look them up (and get balance details) then process the
payment on the spot, with a receipt emailed to the customer as soon as the
payment is processed (which is immediate). Not only did that help make the company PCI compliant by eliminating the need to write down credit card numbers, but it
also reduced the time it had previously taken for an employee to process a
customer payment. A win-win for the company and for their customers.
A STEP FURTHER
Processing single payments was nice, but I expanded the
system to handle their monthly billing. We took what had been a 4-day process
and reduced it to 40 minutes. Security and efficiency. Isn’t technology
HOW CAN I HELP YOU?
This is just one example of how we can use
eCommerce to improve your business, increase your ROI and keep security tight. If
you’d like to chat with me about your company’s needs for payment processing or application development,
please contact us for a free consultation.