Most eCommerce Merchants realize that when customers place orders using their credit card via the internet, it is much safer than using the telephone to do same. If orders are placed over the phone, what happens? The order taker usually has to write down the customer’s information – including the sensitive credit card data. What then happens to that piece of paper?
In spite of this issue, there are a lot of customers who seem to prefer placing their orders over the phone. In this post, I talked about how some customers would rather hear a live voice on the phone to assure themselves they’re dealing with a credible merchant. Chances are, they don’t think about this safety issue and I’ve found it’s bad customer relations to even inform them of it. It simply doesn’t work to say “oh it’s not safe to place the order over the phone, can you go to our website and place it?” Just take the order, but make sure that after you’ve processed the order and it has gone through the encrypted authorization process in your shopping cart, you take care of that ‘piece of paper’.
In July of this year, newer stricter standards for Credit Card information safety were implemented and all merchants, large and small, are expected to comply with it. This standard is called the Payment Card Industry (PCI) standard and you can read about it here. Among the requirements it lays out, are restrictions for paper copy retention and physical access control to paper copies.
Since the home office might have ‘questionable’ security when it comes to this kind of paper, I’ve always found it easiest just to shred the paper material once the order has been transmitted. If you’re using a call center, it pays to find out what they’re doing with telephone order information. Are they shredding it? If not, are they storing it securely? A proactive approach to protecting your customer’s information is not only good business, but it can keep you away from credit card fraud related legal problems.