Chuck Fields

May I have your credit card number please?

Credit Card numbers on sticky notes…An eCommerce success story

I’ll never forget one of my first visits to a new client. As I looked around their office I saw credit card numbers, along with customer names, written on sticky notes which were posted in plain sight on several workstations. I tried to restrain myself when I asked about these publicly displayed numbers, then discovered that the employees were attempting to do what merely worked at the time…


The employees would take a customer phone call and gather the customer’s information for a payment. They would then collect these payment slips over a period of time (usually several hours) until the afternoon when the employee could make their way to the company’s single POS (point of sale) credit card machine to enter the payment. Risky? Heck yeah.

WHAT IF a dishonest or dissatisfied employee decided to help themselves to the credit card number of a customer?

WHAT IF a visitor copied or took one of the sticky notes?

WHAT IF a cleaning service or other individual rummaged through the trash for non-shredded notes?

And WHAT IF the company was fined by VISA or Mastercard for this breach of safety for their customer data?

I’m sure the client wasn’t being malicious about their handling of this sensitive information; this just happened to be a solution that worked for them, and they weren’t aware of just how risky this behavior was.

I’m pleased to say that I’ve worked with this client since to ensure they are following the Payment Card Industry Data Security Standard (PCI DSS) requirements. These requirements are designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.


I started by creating a payment system where employees could use their secure intranet to enter payments as needed. Now when customers call, employees can quickly look them up (and get balance details) then process the payment on the spot, with a receipt emailed to the customer as soon as the payment is processed (which is immediate). Not only did that help make the company PCI compliant by eliminating the need to write down credit card numbers, but it also reduced the time it had previously taken for an employee to process a customer payment. A win-win for the company and for their customers.


Processing single payments was nice, but I expanded the system to handle their monthly billing. We took what had been a 4-day process and reduced it to 40 minutes. Security and efficiency. Isn’t technology wonderful?



This is just one example of how we can use eCommerce to improve your business, increase your ROI and keep security tight. If you’d like to chat with me about your company’s needs for payment processing or application development, please contact us for a free consultation.