Stripe and Owl Practice work flawlessly together to ensure card security, but that doesn’t mean all of the responsibility is out of your hands. As a frontline business that’s regularly processing card transactions, there are some dos and don’ts regarding card security that you need to keep in mind:
Do input all data and transactions directly into the secure PCI Hosting Provider’s (Owl/Stripe)’s system. If possible, use encrypted card swipers to collect and transmit all data into the system, if compatible with the provider. Or, be sure to process all of the transactions through a secure standalone merchant terminal, if preferred.
Don't ever record or write down cardholder information on paper, even if you’re writing it down on a post-it note temporarily. That information needs to be keyed into the secure system directly, every time. Keep in mind that Credit Card Authorization forms are not PCI compliant. In fact, storing any paper forms with card numbers, CVV, and expiry dates is not compliant and poses a significant risk for identity theft. Credit Card Authorization forms are quickly becoming a thing of the past because they are more easily susceptible to fraud.
Do use a secure, encrypted phone line if you’re exchanging cardholder information over the phone. If you happen to you use a call centre, check to see if they have the ability to allow customers to input their card data through a secure touchstone option, ensuring that no one else hears or sees the card details.
Don't ever record cardholder information in computer files or spreadsheets. Computers can be hacked, and that information could be stolen and used for identity theft. (Owl’s integration with Stripe solves this problem.)
Do make sure that all card numbers are rendered unreadable (tokenized) anywhere they’re kept and stored. You should only ever see the last four digits and expiry of all cards on file. (Again, not something you have to worry about when you use Owl’s integration with Stripe.)
If you keep these dos and don’ts in mind, then Owl and Stripe will be taking care of most of the work, leaving you with a few simple frontline best practices that you can follow to provide your clients with the best possible security!