ProPay is telling small businesses to encrypt credit card numbers and to avoid storing the critical data themselves.
“PCI requires that if you possess the PAN, the primary account number, you must encrypt it,” Mark Johnson, ProPay CIO, told InternetNews.com. “If it’s in the merchant’s possession, it must be encrypted.”
So why keep it? ProPay wants to hold the number for the merchant. “Get rid of the jewelry from your house and put it in the bank. Protection is the bank’s core competency,” Johnson said.
The company’s secure repository product is called ProPay. It promises to lower both the risk and the PCI compliance burden for businesses.
“The point is that micro merchants collect credit card data,” said Scott Nelson, ProPay vice president of marketing. “They put them in spreadsheets and order forms and that’s not secure.”