Can I store credit card information on my own server for recurring billing?

Merchants often misunderstand what data they are allowed to save. This answer clarifies the "Do's and Don'ts" of data storage to prevent severe security violations.

1 Answer

No, you must never store full credit card numbers (PAN) or CVV codes on your own systems. Doing so would make you fully liable for PCI compliance and require a complex security audit.

Instead, you should follow these guidelines:

  • Do Not Store: Raw credit card numbers or security codes (CVV).

  • Store Only: The Payment Token returned by the 4Geeks API. You may also store the last 4 digits of the card for display purposes so customers can identify their payment method.

For recurring billing (like in a SaaS platform), you should use the stored Token to initiate future charges. When a customer signs up, you tokenize their card via the API, save the token in your database, and use that token for all subsequent automatic payments.
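
The storage rule above can be enforced in the persistence layer. The following is an added example, not code from 4Geeks or from the original answer: it keeps only a token and the last 4 digits, and rejects any value that looks like a card number before it reaches the database. The table name, function names and the token value are assumptions made for illustration, and the API call that produces the token is left out because the page does not document it.

```python
import re
import sqlite3

# Candidate PANs: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_pan(value: str) -> bool:
    """True if the string holds a digit run that passes the Luhn check."""
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in PAN_RE.finditer(value))

def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # No column exists for a PAN or a CVV, so neither can be persisted here.
    db.execute(
        "CREATE TABLE payment_methods ("
        " customer_id TEXT PRIMARY KEY,"
        " token TEXT NOT NULL,"
        " last4 TEXT NOT NULL CHECK (length(last4) = 4))"
    )
    return db

def save_payment_method(db, customer_id: str, token: str, last4: str) -> None:
    if not re.fullmatch(r"\d{4}", last4):
        raise ValueError("last4 must be exactly four digits")
    if contains_pan(token) or contains_pan(customer_id):
        raise ValueError("refusing to store a value that looks like a card number")
    db.execute("INSERT OR REPLACE INTO payment_methods VALUES (?, ?, ?)",
               (customer_id, token, last4))

def token_for_charge(db, customer_id: str):
    """Return the stored token used to initiate a recurring charge, or None."""
    row = db.execute("SELECT token FROM payment_methods WHERE customer_id = ?",
                     (customer_id,)).fetchone()
    return row[0] if row else None
```

The same `contains_pan` check can be run over log lines and support-ticket text, which are common places for raw card numbers to end up by accident.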