PCI Compliance with Mail Orders that Contain Credit Card information

We are a non-profit and use Square POS for our gift shop, program fees, memberships, donations and the like. I understand that by using Square we are PCI compliant.

However we do receive some credit card information via the mail (typically memberships and donations), which are then processed in Square POS. Once they are approved we shred the mail with the credit card information.

Do we need to undertake any PCI assessment or tasks to be 100% in compliance?

Thanks,
Craig

Cincinnati Observatory Center

Square Champion

@CintiObserv When you accept the mail and then enter it into Square, you are entering the info into a PCI compliant system. The biggest thing you need to do is ensure that access to the mail is limited, mail is not left unsecured, and destroying them after entering them is ideal (crosscut shredder!). As long as the mail is secure and you are not storing paper copies insecurely, you are fine as far as PCI compliance from what I know.

"Restrict physical access to cardholder data.
PCI DSS Requirement 9 relates to physical security. All physical access to cardholder data within the cardholder data environment must be controlled and restricted to only individuals who require this physical access."

These safeguards limit your liability.

Donnie
Multi-Unit Manager
Order Up Cafe/Tombras Cafe/Riverview Cafe/City County Cafe
Roddy Vending Company, Inc.
www.OrderUpCafe.com

Using Square since July, 2017
Square Champion
Breaker of Things

"Good judgment comes from experience, and experience comes from bad judgment."

"You can have everything in life you want, if you will just help other people get what they want." Z.Z.
Do you want to have great restaurant menus that are easy to edit and don't cost a fortune? I use MustHaveMenus and you can too!
MustHaveMenus