The purpose of this document is to list procedures that ensure the safe handling and processing of credit cards for security and compliance with the Payment Card Industry Data Security Standard (PCI-DSS). Being PCI compliant means AfroGanix, LLC will not only provide a secure, encrypted checkout experience, but all Merchants must agree to not store any purchasing information on paper or via recording (i.e. if someone were to give you their card number over the phone, fax, email, mail, etc.).
All merchants agree to the policy below regarding sensitive data. This policy recognizes credit card data as restricted data. This data needs to be protected. Card holder data includes:
- The Primary Account Number (PAN) is the unique payment card number and identifies who issued the card as well as the particular cardholder account
- The Cardholder name, card expiration date and/or service code
- Security-related information, including card validation codes/values. This refers to the magnetic-stripe data and printed security features such as the CAV, CVC, CVV or CSC code, (the name depends on the payment card brand), as well as PINs, and PIN blocks used to authenticate cardholders and/or authorize payment card transactions
Storage of Credit Card Data
Under no circumstances should card holder data be maintained by Merchants in an electronic format. This includes saved on a computer, CD, removable drive, or any other form of electronic media.
The storage of paper records containing credit card information should be limited to that needed to conduct business. Under no circumstances should the CVV code be stored or recorded on paper.