NRF: Storing credit card data should be optional

10/10/2007

WASHINGTON -- The National Retail Federation reported that it has sent a letter to the Payment Card Industry Security Standards Council, requesting changes in how the credit card industry requires merchants to store credit card data.

In the letter, written by NRF CIO David Hogan, NRF addresses the idea that credit card companies usually require retailers to store credit card numbers for a substantial period of time, often 18 months, to satisfy card company retrieval requests. According to NRF, this makes it difficult for retailers to protect sensitive customer information.

“All of us -- merchants, banks, credit card companies and our customers -- want to eliminate credit card fraud,” said Hogan in the letter. “But if the goal is to make credit card data less vulnerable, the ultimate solution is to stop requiring merchants to store card data in the first place.” 

The NRF said it feels retailers should have a choice as to whether or not they want to store credit card numbers at all, and instead be given the option of keeping just the authorization code provided at the time of sale and a truncated receipt.

“If all merchants took advantage of this option, credit card companies and their member banks would be the only ones with large caches of data on hand, and could keep and protect their card numbers in whatever manner they wished,” said Hogan. “The bottom line is that it makes more sense for credit card companies to protect their data from thieves by keeping it in a relatively few secure locations than to expect millions of merchants scattered across the nation to lock up their data for them.” 
