Is it legal to store client credit card information?
Storing client credit card information makes our client’s lives easier and it can make our lives immensely easier, too - especially when it comes to upholding things like our cancellation policy… but there are some very important legal considerations when it comes to storing this data.
In the United States, the Payment Card Industry Data Security Standard (PCI DSS) provides a set of governing regulations that state when and how credit card information can be stored. Based on the PCI DSS standard, the 3 most important things to keep in mind about storing card information are:
You can only store credit card information for legitimate business needs:
You can store cardholder data only if there is a clear business reason (ex: recurring billing, future charges, invoicing, etc.)
There are specific protections on what can (and can’t) be stored:
You can legally store: credit card number, cardholder name, expiration date
You cannot legally store: security code, chip data, PIN
Keeping the data protected is mandatory:
Where (and how) you store the data matters. Stored credit card information must be encrypted, so the best practice is to use a professional service or third party that encrypts or tokenizes the information and stores it in line with PCI DSS.
So what does this mean in practical application?
No credit card numbers jotted on a piece of paper. No pictures of credit cards stored somewhere on your phone (even in a hidden folder). Not even a formal system of gathering card info and storing it in a locked filing cabinet. You have to meet all 3 standards (legitimate use, only necessary information, and encrypted data) in order to stay within the realm of legality.
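As an added example (not the post's own code or any payment processor's API) of putting those three points into a small intake backend: this gate refuses to persist anything that breaks them, and keeps only a masked number plus the processor's opaque token. It assumes the form arrives as a dict and that the processor has already tokenized the card.

```python
"""Constructed example: a storage gate applying the three PCI DSS points
from the post before anything from an intake form is saved. Assumed: the
form is a dict and the payment processor has already swapped the full card
number for an opaque token (the "tokenize" option mentioned above)."""
import re

# Sensitive authentication data: must never be stored, even encrypted.
PROHIBITED_FIELDS = {"cvv", "cvc", "security_code", "pin", "pin_block", "chip_data", "track_data"}
# Account data the post lists as storable when there is a business need.
ALLOWED_FIELDS = {"cardholder_name", "exp_month", "exp_year"}
BUSINESS_REASONS = {"recurring_billing", "future_charges", "invoicing", "cancellation_policy"}


def mask_pan(pan: str) -> str:
    """Reduce the card number to its last four digits for receipts/display."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("card number has an invalid length")
    return "*" * (len(digits) - 4) + digits[-4:]


def storage_violations(form: dict, processor_token: str, reason: str) -> list:
    """Return every rule the proposed storage would break (empty list = allowed)."""
    fields = {k.lower() for k in form}
    problems = []
    if reason not in BUSINESS_REASONS:                  # rule 1: legitimate business need
        problems.append(f"no legitimate business reason: {reason!r}")
    for f in sorted(fields & PROHIBITED_FIELDS):        # rule 2: never store these fields
        problems.append(f"prohibited field collected: {f}")
    if not processor_token:                             # rule 3: tokenized, not raw PAN
        problems.append("card not tokenized by the processor")
    return problems


def prepare_for_storage(form: dict, processor_token: str, reason: str) -> dict:
    """Build the only record allowed into our own database: no PAN, no CVV."""
    problems = storage_violations(form, processor_token, reason)
    if problems:
        raise ValueError("; ".join(problems))
    data = {k.lower(): v for k, v in form.items()}
    record = {k: data[k] for k in ALLOWED_FIELDS if k in data}
    record["pan_masked"] = mask_pan(data["card_number"])
    record["processor_token"] = processor_token  # charges go through this, never the PAN
    record["storage_reason"] = reason
    return record
```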
But does it really matter?
Yes.
The PCI DSS regulations aren’t necessarily a “law,” but they are an industry standard that all major credit card companies (Visa, Mastercard, etc.) require businesses to adhere to. Breaching these regulations can expose you to liability under other, broader business laws such as unfair business practices statutes, which carry fines from $5,000 to $50,000 🤯
So what’s the best option for storing credit card information for a small business?
Use a computer program that handles the legal and encryption side for you, so you are never exposed to the liability of knowing or writing down client card information.
Popular options include: Stripe (my personal favorite), Square, or other online payment processors.
I recommend that every bodyworker require clients to submit credit card information through their intake process. Here’s an example of what my clients are required to sign when they schedule services with me 👇
I use QuickBooks for credit card payments when a client wants to pay their invoice online, but prior to using Stripe, I didn’t have a way to store credit card information or help a client when they said “Can you just auto-charge my card on file?”
With Stripe - I can do both and it’s totally free to create an account and use. Stripe does take a percentage of profit from each transaction (that’s how they stay in business) but there’s no monthly fees, etc. Well worth it and a small cost of doing business in my opinion.
For reference, this is what client data looks like in my Stripe account once they’ve entered it in my intake form 👇
If/when I need to charge a client, I can just log into Stripe, find their customer profile (with the encrypted credit card data stored) and with a few clicks, automatically charge them without ever even knowing their credit card number!
It’s kind of awesome and saves me so much headache.
Cancellation? I simply reply to the client and let them know I’ll be charging the card on file my cancellation fee. No back and forth, no asking them to Venmo me, etc. It’s a beautiful position to be in as a business owner!
If you’re feeling ready to take the next step in professionalism and have a digitized intake form that includes client credit card submissions - I’m here to help!
I have a digital intake form template available for purchase for $14 on my website. This intake form is powered through JotForm, another free platform (*note: there are limits that require a paid plan, but most users will never need it) and allows you to fully customize to your business needs. You’ll also have the ability to add in a Stripe integration, which is how you’ll store credit card info.
Not feeling techy or just want a second opinion? I’m always available to chat!
Shoot me an email at liz@barrioperformancetherapy.com or book a coaching call here and we can walk through the digital intake and credit card storage process for your specific business needs!
Did you know that statistically, most bodyworkers don’t make it past their 3rd business anniversary? 😢
If you need support building, scaling, or learning how to run your business like a pro so that you can make money and still love what you do - I’m here to help!
Visit my website for more information about Business Coaching and my comprehensive bodyworker business course, the Barrio Business Blueprint - I’d love to work with you to create a sustainable, profitable business.