Credit Card Numbers = Kryptonite.
So what’s the biggest RISK to online registration software? What’s the worst thing that can go wrong?
The biggest risk for any event registration software lies in storing credit card information and then losing those credit card numbers to hackers.
Hopefully, I have convinced you in my previous blog posts to go with an ASP, i.e. an Application Service Provider, to provide you with online registration software. One of the chief reasons is that a good ASP should also be very good at protecting the credit card numbers of your customers. The PCI standard requires that your ASP encrypt credit card numbers. This fact alone is one reason why going with the cheapest ASP might end in disaster. Even the big acquirers who encrypt their card numbers can hit the rocks. Consider what happened to Global Payments in April 2012 (read: http://www.theinquirer.net/inquirer/news/2165471/global-payments-admits-losing-million-credit-card).
Other than encrypting the credit card numbers, is there any more an ASP can do? How about the complete elimination of credit card numbers from all of the ASP’s servers?
Processing sales in real-time is essential for any ASP. In fact, the roll-over time, i.e. the time it takes the transaction to make a round trip from the ASP to the acquirer and then back to the ASP, should be under 4 seconds. But, what about processing refunds? How important is it that refunds are done in real-time? We would all agree that a refund should occur on the day it is made, but what if we could gain some extra security by delaying refunds until later that same day?
Here is what I mean.
The simple process below dramatically increases the security of the credit card numbers housed on the ASP’s servers. The essence of the process is to keep ALL of the credit card numbers off the production computers and instead on a secure encrypted USB drive. This encrypted USB drive would be locked in a vault 99.9% of the time. For example, the BlackArmor drive, made by Maxtor to military specifications, is an ideal USB secondary drive for storing the credit card numbers.
So how could you operate with 99.9% of the credit card numbers inaccessible in a vault?
Consider the process below:
- Each day, at a secret time, say 11:40 p.m., the ASP attaches the USB drive, locates any credit card numbers required, and runs all of the refunds that have queued up during the day. The result is that every refund that was supposed to run in real-time is instead delayed and run all at once at the secret time on the exact day the refund was made.
- Right after the refunds have completed, ALL of the encrypted credit card numbers are REMOVED from the production machine and placed back on the secure encrypted USB drive. In addition, any new credit card numbers that were collected during the day are also removed. The drive is then placed back into the vault until the next day.
Let us examine what we have achieved through this process.
- The best hackers would be out of luck stealing credit cards from this ASP! That is because the card numbers have been securely erased and do not exist on the production machines.
- The cardholders get their refunds just as they would have if the refund had been done in real-time.
- The gateway processor has a small window in which to void any undesired refunds or to monitor the flow of refunds before the funds are returned to cardholders.
- Here is an unexpected advantage: a way you, the merchant, might be able to save a considerable amount of money on VISA/MC/AMEX fees, i.e. through the merchant discount rate. Suppose your organization incorporates a corporate WALLET. The use of a corporate WALLET means that when people ask for changes to their registration, say a camper needs to choose a different week to attend, the funds may be refunded first to the WALLET and then the subsequent new week’s sale could use WALLET funds to settle. If your clients cancel or make a significant number of changes to the registrations they enroll in, then the WALLET feature works incredibly well, saving you money.
The process requires a human to manually run the refunds daily at the secret time.
The bottom line: keep those credit card numbers secure! For recurring payments, like those that would be part of a payment plan, tokenization may be helpful. Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value.
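The nightly refund process and the token substitution described above can be modelled together; the following is an added example, not code from this post or from any ASP. During the day production queues refunds by random token only, and card numbers can be resolved only while the vault is attached. The class and function names, and the `send_refund` callback standing in for the call to the acquirer, are assumptions; drive encryption and secure erasure are outside what it models.

```python
import secrets

class OfflineVault:
    """Stands in for the encrypted USB drive; usable only while attached."""
    def __init__(self):
        self._cards = {}        # token -> card number
        self.attached = False

    def _check(self):
        if not self.attached:
            raise PermissionError("vault drive is not attached")

    def store(self, token, pan):
        self._check()
        self._cards[token] = pan

    def lookup(self, token):
        self._check()
        return self._cards[token]

class Production:
    """What lives on the production machine during the day."""
    def __init__(self):
        self.todays_cards = {}  # token -> card number collected today
        self.refund_queue = []  # (token, cents): tokens only, no card numbers

    def record_sale(self, pan):
        token = secrets.token_hex(16)  # random, so it reveals nothing about the card
        self.todays_cards[token] = pan
        return token

    def queue_refund(self, token, cents):
        self.refund_queue.append((token, cents))

def nightly_batch(prod, vault, send_refund):
    """Attach the vault, sweep today's cards into it, run queued refunds, detach."""
    vault.attached = True
    try:
        for token, pan in prod.todays_cards.items():
            vault.store(token, pan)
        prod.todays_cards.clear()  # a real system needs secure erasure, not just this
        results = []
        while prod.refund_queue:
            token, cents = prod.refund_queue[0]
            results.append(send_refund(vault.lookup(token), cents))
            prod.refund_queue.pop(0)  # dequeue only after the refund was sent
        return results
    finally:
        vault.attached = False  # drive goes back in the vault even on failure
```

If `send_refund` raises partway through, the unsent refunds stay queued by token for the next run and the vault is still detached.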
Let the ASP store your credit card numbers on your behalf. The ASP is required to comply with the PCI standard.
Remember: to a merchant, handling credit card information is like Superman handling KRYPTONITE.