PCI compliance - Cardholder data on invoice

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Currently, ProductCartv4.5 prints out the following on both invoices and packing slips.

- At least the last 4 digits of the credit card
- Credit card expiration date
- Bill To address, which could be the credit card's name and billing address

According to the PCI compliance guide (http://www.pcicomplianceguide.org/pcifaqs.php),  "cardholder data is any  personally identifiable data associated with a 
cardholder. This could be an  account number, expiration date, name, 
address, social security number, etc.  All personally identifiable 
information associated with the cardholder that is  stored, processed, 
or transmitted is also considered cardholder data."

Thus, by the definition above, ProductCart is currently printing out cardholder data on invoices and packing slips since information such as expiration data, name, address and portion of the account number are always printed.  Since product orders may be shipping to gift recipients and not directly to the buyer, there becomes a problem with the cardholder data being also sent to these gift recipients.  This might be a PCI compliance issue for the merchants.  It is a good idea for the gift recipient not to receive any portion of the cardholder information anyways.  So for the "No,

I do not want card information printed on the invoice" option when generating the invoice and packing slip, all cardholder data should really be completely omitted from both the invoice and packing slip.  

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
marlanbrando Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 28-December-2009 Status: Offline Points: 0	Post Options Post Reply Quote marlanbrando Report Post Thanks(0) Quote Reply Topic: PCI compliance - Cardholder data on invoice Posted: 02-December-2011 at 10:34pm
	Currently, ProductCartv4.5 prints out the following on both invoices and packing slips. - At least the last 4 digits of the credit card - Credit card expiration date - Bill To address, which could be the credit card's name and billing address According to the PCI compliance guide (http://www.pcicomplianceguide.org/pcifaqs.php), "cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data." Thus, by the definition above, ProductCart is currently printing out cardholder data on invoices and packing slips since information such as expiration data, name, address and portion of the account number are always printed. Since product orders may be shipping to gift recipients and not directly to the buyer, there becomes a problem with the cardholder data being also sent to these gift recipients. This might be a PCI compliance issue for the merchants. It is a good idea for the gift recipient not to receive any portion of the cardholder information anyways. So for the "No, I do not want card information printed on the invoice" option when generating the invoice and packing slip, all cardholder data should really be completely omitted from both the invoice and packing slip.