Skip to main content

Are you manually re-entering card data from one system into another?

Updated
If you're manually re-entering card information from one system into another, here's how to protect your business:
 
Re-keying card data happens when you enter payment information into a system that doesn't match how the payment was originally taken - like typing phone orders into your website or entering online orders into a terminal. This violates PCI security requirements, often breaks your payment provider's terms, and creates unnecessary exposure points for sensitive data.
 
Essential steps to reduce your risk:
 
1. Match payment methods to proper technology
  • Website payments: Use hosted payment pages or secure embedded forms on your site
  • Phone payments: Process through standalone terminals, point-of-sale systems, or virtual terminals
  • In-person payments: Use certified card readers or terminals only
  • Mail orders: Process through virtual terminals or dedicated mail order systems
2. Eliminate manual data transfer immediately
  • Stop typing card information from one system into another
  • Never copy card data between different payment platforms
  • Avoid handwriting card details for later entry into digital systems
  • Don't transfer payment data between different terminals or devices
3. Implement channel-appropriate processing
  • Set up separate processing methods for each payment channel you use
  • Train staff to use the correct system for each type of transaction
  • Ensure each payment method connects directly to your processor without manual intervention
  • Work with your payment provider to configure proper processing for each channel
4. Review and update your payment workflows
  • Map out how payments currently flow through your business
  • Identify any points where manual re-entry occurs
  • Replace manual processes with direct, automated payment processing
  • Document proper procedures for each payment channel
5. Red flags that increase your risk
  • Staff typing online orders into physical terminals
  • Phone orders being entered into website payment forms
  • Card data written down for later processing in a different system
  • Payment information transferred between different software platforms
  • Multiple payment systems that don't integrate properly
  • Manual processes that involve handling the same card data multiple times
The bottom line
 
Manual re-entry of card data creates multiple security vulnerabilities and often violates your payment provider's terms. Each time card data is handled manually, you increase your risk of breaches and compliance issues.
 
Contact your payment processor immediately to set up proper processing methods for each payment channel. Eliminate manual data transfer to reduce your security risk and ensure compliance with PCI requirements.