In this guide you will learn key information regarding best practices to protect your clients' credit card information, in order to remain PCI DSS (Payment Card Industry Data Security Standard) compliant.
What is PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard. PCI DSS is a set of regulations created by the major payment providers Visa, Mastercard, American Express, Discover and JCB. The PCI DSS rules are there to ensure that all companies that accept, process, store or transmit credit card information do so securely. We recommend checking out the official PCI Security Standards Council site or see this link to learn more about our provider's compliance.
There are 12 requirements under PCI DSS all focused on protecting the cardholder’s data. Removing credit card data from client notes relates to three of the twelve requirements, specifically:
- Protect stored cardholder data
- Restrict access to cardholder data by business need to know
- Restrict physical access to cardholder data
Do PCI DSS requirements apply to all businesses using Timely?
No matter the size of your business, anyone who accepts card-based payments must comply with PCI DSS requirements. This includes debit or credit cards, and online and over-the-phone transactions.
How will this impact my business?
Protecting your clients' personal data is our top priority at Timely, particularly when it comes to financial information. To keep your clients' data safe, we comply with international regulations for credit card data.
Part of these regulations is a strict set of rules for where your clients' credit card information is stored. Keeping card details anywhere outside a secure payment provider is not allowed.
To stay compliant, Timely will now automatically alert you any time we detect that credit card details have been entered in a restricted area. You will be shown one of three alert messages, depending on the options available to your business.
- Example A: "Fantastic, TimelyPay is already set up for your business. You can securely save your client’s credit card information within the Timely Web App using TimelyPay’s secure card processing system (Only available to customers based in Australia, New Zealand and United Kingdom)."
- Example B: "If you’d like to store your client’s card details in Timely you’ll need to set up TimelyPay. It’s really quick and simple to set up. (Note: The TimelyPay's secure card processing system is currently not available to EU customers)"
- Example C: "TimelyPay is currently not available within your region."
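As an added illustration of the kind of check described above (example code written for this guide, not Timely's own implementation; the field names and sample notes are constructed), here is a scanner that looks for card-number-shaped digit runs in free-text fields, confirms them with the Luhn checksum so that phone numbers and booking references are not flagged, and reports only a masked value so the alert itself never stores the full number.

```python
import re
from typing import Optional

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# and not part of a longer digit run.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, summing the digit pairs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Return digit-only card numbers found in free text that pass the Luhn check."""
    hits = []
    for m in _CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            hits.append(digits)
    return hits

def mask_pan(pan: str) -> str:
    """Keep only the last four digits so the alert record never holds a full PAN."""
    return "*" * (len(pan) - 4) + pan[-4:]

def check_field(field_name: str, text: str) -> Optional[dict]:
    """Return an alert record if a restricted field contains a card number, else None."""
    pans = find_card_numbers(text)
    if not pans:
        return None
    return {"field": field_name, "masked": [mask_pan(p) for p in pans]}

def scan_notes(notes: dict) -> list:
    """Scan every restricted field and collect the alert records."""
    return [a for a in (check_field(k, v) for k, v in notes.items()) if a]

# Constructed sample content (hypothetical; the card numbers are standard test PANs).
SAMPLE_NOTES = {
    "appointment_note": "Client asked to keep card on file: 4111 1111 1111 1111 exp 12/29",
    "customer_alert": "Call on 021 123 4567 before booking, booking ref 1234 5678 9012 3456",
    "booking_comment": "pay with 5555-5555-5555-4444 please",
}
if __name__ == "__main__":
    for alert in scan_notes(SAMPLE_NOTES):
        print(f"Card number detected in {alert['field']}: {alert['masked']}")
```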
Where in Timely could I expect to see this change?
A. Appointment notes when adding a new appointment, or editing an existing one in the calendar.
B. Busy time feature in the calendar.
C. Notes in the customer profile.
D. Alerts in the customer profile.
E. Booking questions in the service set-up page and booking comments (client view).
Important note: We highly recommend that you revisit the service set-up within the Timely Web App to ensure the booking questions do not ask clients to provide their credit card information. This will ensure you remain PCI DSS compliant, which is incredibly important when running your business.
What if TimelyPay isn't available in my region?
If your business is outside AU, NZ and the UK and doesn't have access to TimelyPay (or you want to keep using your current payment provider), we recommend you talk to your preferred provider about the options available to you for securely storing clients' credit card details. They will have the most up-to-date and accurate information to guide you in remaining PCI DSS compliant when running your business.