PCI DSS is an information security standard approved in the Visa and Mastercard payment card industry. All companies that accept cards for payment must comply with its requirements. Some companies also need to confirm their compliance.
The underlying principle of the standard is to limit access to payment card data as much as possible.
It is acknowledged that the best solution is never to process such data and to rely on certified providers for pay-ins instead. Normally, this means that we should not request and should not transfer card numbers. If a customer attempts to provide a card number, for example during a call about a payment problem, it is our job to interrupt the attempt immediately and explain why we cannot accept such data.
If data is received via email or messengers, we must delete it and warn the sender of the risks of transmitting card data.
By sensitive data we mean:
Full card number
CVV2/CVC2 code (the three digits on the back of the card)
The names of cardholders
Concealed card numbers (first 6 and last 4 digits) do not need the stringent protection that the standard requires and may be used within reason.
Tarlan Payments passes this certification annually and satisfies all PCI DSS requirements.