Why am I seeing one of these alert features?
Protecting your clients' personal data is our top priority at Timely, particularly when it comes to credit card information.
To keep your clients' data safe, we comply with a set of international regulations for credit card data called the PCI DSS. Part of these regulations lays out strict rules for where your clients' credit card information is stored. Keeping card details anywhere outside a secure payment provider is not allowed. To stay compliant, Timely will now automatically alert you any time we detect that credit card details have been entered in a restricted area. You will be shown one of the three alert messages depending on the options available to your business.
- Fantastic, TimelyPay is already set up for your business. You can securely save your client’s credit card information within the Timely Web App using TimelyPay’s secure card processing system. (Only available to customers based in Australia, New Zealand and the United Kingdom.)
For more information on the new system please check out this help article.
- If you’d like to store your client’s card details in Timely, you’ll need to set up TimelyPay. It’s really quick and simple to set up. (Note: TimelyPay's secure card processing system is currently not available to EU customers.)
Please check out this help article for more info on TimelyPay.
- TimelyPay is currently not available within your region.
What is PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard. PCI DSS is a set of regulations created by four major payment providers including Visa, Mastercard, American Express, Discover and JCB. The PCI DSS rules are there to ensure that all companies that accept, process, store or transmit credit card information do so securely.
There are 12 requirements under PCI DSS, all focused on protecting the cardholder’s data. Removing credit card data from client notes relates to three of the twelve requirements:
- Protect stored cardholder data
- Restrict access to cardholder data by business need to know
- Restrict physical access to cardholder data
Want to find out more about PCI DSS? We recommend checking out the official PCI Security Standards Council site, or find out more about our provider's compliance.
What does it mean for my business?
No matter the size of your business, anyone who accepts cards must comply with PCI requirements. This includes debit or credit cards, online and over-the-phone transactions.
Where in Timely could I expect to see this change?
- Appointment notes in the calendar (applicable to both Add and Edit)
  - Adding a new appointment in the calendar
  - Editing an existing appointment in the calendar
- Busy time feature in the calendar
- Notes in the Customer profile
- Alerts in the Customer profile
- Booking questions in the service setup page & Booking comments (client view)
  - Booking questions
    Recommendation: We highly recommend that you revisit the service setup within the Timely Web App to ensure the Booking questions do not ask clients to provide their credit card information.
  - Booking comments
  - Booking questions
- Classes (Note: The Classes feature has been deprecated in Timely since September 2018)
What are the alternative options to securely store the client’s credit card information if TimelyPay is not available within my region or if my business is already committed to another provider?
If your business is outside AU, NZ and the UK and you don’t have access to TimelyPay (or you want to keep using your current payment provider), we recommend you talk to your preferred provider about the options available to you for securely storing clients’ credit card details.