In an age where uncertainty, fear and doubt are created by news headlines and even social media, how do your vendors work to reassure you that they’re doing the right things to protect your credit card information?
What is the most certain way to protect credit card information? Professional retouch service provider RetouchUp® believes it’s best not store it in the first place. Credit card information is not stored on RetouchUp.com servers, even in encrypted form (and it’s been this way since 2014).
How can a company that receives payment via credit card process payment without storing those numbers?
RetouchUp® relies on Authorize.net’s Customer Information Manager service (and has since 2014) to protect its clients’ payment information.
When a RetouchUp.com client enters their information, it is provided directly to secure payment processor Authorize.net, which then stores the information, and provides a special identifier.
Instead of a credit card number, the unique Authorize.net token is stored on RetouchUp® servers. Even the last four digits, and expiration date, (necessary to know which card a client has on file), is requested live from Authorize.net when viewing client account details.
When using RetouchUp.com, you’ll notice that the site is run on HTTPS (SSL encryption) by default – meaning that all traffic is encrypted between the server and the client computer.
In addition to trusting Authorize.net’s expertise in processing protection and information storage, rather than their own, RetouchUp® relies on quarterly information security audits, as a part of strict PCI DSS compliance, to make sure its system is a secure foundation on which to conduct business. These are recommended steps for any company accepting credit card payment information.
RetouchUp.com’s activities have been successful. The company believes, however, that responsible business requires a plan to protect against new and emerging vulnerabilities. Outside information management and auditing experts are an important piece of RetouchUp’s continuing information security plan.