Requirement 3.1 of PCI DSS requires merchants to keep cardholder data storage to a minimum and limit storage amount and retention time to that which is required for business, legal, and/or regulatory purposes.
Our company policy requires us to delete cardholder data after a number of months after expiry or if there are no active services - but WHMCS doesn't appear to have any settings for this.
As this is a requirement for PCI Compliance, WHMCS should have something built in to allow this.
Featured Comment
I've been doing some housekeeping and noticed that recently implemented new features meet the requirements of this request!
WHMCS has always had the option to delete stored card data when it expires: https://docs.whmcs.com/Automation_Settings#CC_Expiry_Notices_Date
The Data Retention Policy Automation features added in v.7.5 can automatically delete client data (including credit card number) after a user-defined period of inactivity: https://docs.whmcs.com/Data_Retention_Policy_Automation