October 7, 2020

Protecting Cardholder Data: Do’s and Don’ts

AQ and Currency are collaborating on a series of blogs to combine our unique industry knowledge and experience. Read on for Part II.

In Part 1 last week, I covered some Payment Processing Best Practices. Now we’re going to go over some do’s and don’ts for protecting cardholder data.

A great way to maintain customer confidence and keep your customers coming back is by protecting their sensitive card information. Following the Payment Card Industry Data Security Standard (PCI DSS) is the first step. Here’s a list of do’s and don’ts when it comes to PCI DSS.


Do’s

  • When accepting credit/debit cards online, ensure the proper firewalls are set up and your computer’s anti-virus software is up to date to mitigate the possibility of a data breach.
  • Have your system scanned by a PCI DSS approved service provider annually to ensure you are taking all the proper precautions to prevent any kind of unauthorized access to your computer systems.
  • If the customer is present, validate the card against a valid government ID.
  • Restrict employee access to “need to know” information only. For example, a sales representative typically doesn’t need access to credit card numbers or other personal cardholder information and access to it should be limited. Give each employee a unique login and password with permissions relating to their role, require passwords to be changed periodically and remove any access permissions immediately after an employee leaves your company. This will help maintain system security as well as track data activity by user. Have strict policies and vetting for those employees who do have access to customer information, including pre-employment and periodic background checks.
  • Destroy anything with cardholder data on it; don’t just throw it in the trash.


Don’ts

  • Don’t keep copies of cardholder data unsecured or unencrypted. All cardholder data should be kept in secured electronic storage locations, i.e., the merchant's payment portal, or tokenized in a secure system that’s regularly scanned and audited for security.
  • Don’t share passwords or use simple, easily guessed passwords that could be easily hacked.
  • Never save AVS or CVV data, as this is prohibited by card brand association rules.
  • Don’t allow customer personally identifiable information to leave your offices or company owned and controlled equipment. It is also not recommended to allow the use of personal devices by employees for work activities.

If you have any questions or would like to speak with a specialist to get started with CurrencyPay® or AQ pay, please reach out by phone at 1-866-452-8324, email sales@AQ-FES.com or visit www.AQ-FES.com.


Matthew D’Anjou - Vice President & Head of Payments at Currency

Matthew D’Anjou is the Vice President & Head of Payments at CurrencyPay. He has over nine years of payments experience in the payment processing and financial services industry. He has helped many businesses with payments solutions, giving him the experience and knowledge to help solution a vast variety of partners and merchants at Currency.

Previously, Matthew led partner integrations, global payments and global enterprise merchant solutions at Litle & Co, Tipalti, BlueSnap and WorldPay. Matthew’s expertise lies in merchant payment solutions focused on functionality, reducing payment costs, and turning payments from a cost center into a revenue center. Since joining Currency, Matt has been focused on building a robust payments solution that reduces fees and increases payment options for our partners, aiming to provide the best experience for them and their customers. Specializations: Interchange Optimization, Recurring Billing, Payment Facilitation, IVS partnerships, fraud & chargeback prevention, B2B big ticket transactions, partner integrations, alternative payments, global payments, and driving revenue within payments.
