Is it OK for sales reps to collect credit card data?

secure credit card salesman token biulling

If salespeople accept credit cards, instead of writing down credit card data on paper, sales should immediately process the transaction or enter sensitive payment data into a secure payment portal to encrypt and tokenize for future use.

What’s the best practice for sales reps to collect credit card data? This question primarily pertains to business to business companies, where billing may be done later by the credit or finance department. The initial sale, and possibly future sales, requires a credit card. 

Option 1: Eliminate sales from ever touching credit card data. This can be achieved by:

  • Creating an online payment page. The customer self-creates an account and manages their payment data, including whether they want to store it.
  • Using a ‘request for payment‘ service. This is a slimmed down version of electronic bill presentment and payment ( or EBPP Lite). The user enters whatever customer data management requires, including email or mobile number, invoice number, and amount due. The customer immediately receives a link to a unique secure URL to make the payment.
  • EBPP – there are multiple methods to send an electronic invoice for the customer pay, both integrated and non-integrated. This may be less desirable for new customers

Option 2: If the salesperson physically meets with the customer, use an enterprise mobile payment solution to include card reader, point to point encryption, tokenization, and data management for both card present and card not present transactions.

It’s much harder for merchants to maintain PCI compliance while mitigating risk of losses due to disputes or fraud, when sales uses alternative methods, including paper authorization forms.