To preserve the security of your customer's data, we urge you to NOT store their credit card information within YouLi - we integrate with Payment Gateways that can do this securely for you.
Some things to be aware of:
If you accept credit or debit cards, PCI Security Standards apply to you. Even if your customers ask you to store their credit card data, you shouldn't.
Both Stripe and Square are PCI-compliant payment processors. They have specialized security controls to secure customers’ data, and therefore you lessen the risks involved in storing credit card data. This is why we utilize these payment processors for Traveler bookings!
NEVER collect credit card information using a text field (any field in the tasks forms).
Even an encrypted text field doesn’t comply with PCI standards. So ALWAYS use a credit card-specific field.
You should NOT store credit card information in PLANNER NOTES, a form builder, a spreadsheet, a database or on a piece of paper. None of these options are safe, nor are they PCI-compliant.
Convenience vs. Security
- We understand that the travel industry has operated by sharing credit card information in a more casual way, which is why we wrote this article.
- As a platform, we take our responsibility as your data stewards to help you be safe and keep the data of your customers safe. No matter how much it seems like the convenience of writing down their credit card outweighs the risk of capturing this information in a way that can be stolen - IT NEVER IS!
- Your customer might be annoyed that they have to click to a form and enter their credit card information right now - but they would be even angrier if a data breach caused them to have their identity stolen and fraudulent charges made.😡
If your team is struggling to find a way to service your clients without storing credit card numbers outside of a payment gateway (Stripe, Square, etc), please be in touch with our team and we can discuss your digital transformation to a more secure business process.
Credit Card Authorization Forms
- In the past, many Travel Agents collected permission from their customers to use their credit card on their behalf to purchase from suppliers. This was probably never a very secure process, but with all the cyber attacks happening these days, storing full credit card details has become a huge liability.
- In fact: It’s a violation of PCI standards to record a customer’s CVV. If you’d like to manually input a payment, you’ll need to request the CVV directly from the seller each time you input the card.
- The only way around this is to store the card for future charge inside a gateway (like Stripe, Square, etc). However, you cannot use that information to enter their card details in a supplier's booking system. You must take the payment and then pay the supplier from your accounts.
Need more help?
For more tips on pre-trip customer support join the YouLi community of travel professionals with monthly LIVE webinars and Q&A sessions.