Storing Credit Card Information

Question

Can I store my users\' credit card\'s expiration date & last 4 digits? The reasons for this is so we can notify the user that their card is about to expire and that they

Answer 1

There's a whole set of rules about what you can and cannot store, Google for PCI-Compliance. However, in short, yes, the expiration date and last-4 would be ok to store. The huge no-no is storing the CID number (number on the back of the card), but there are many other rules too.

Edit: This is based on the US rules.

Answer 2

Most acquirers (Chase Paymentech , for example) provide a service that sends you (and the customer , if you want) an email about card expiration & a bunch of other stuff (like credit limit reached ) - So you don't need to store any information except maybe the 4 last digits for recognition purposes.

Answer 3

This is not something which you can decide and the rules change from country to country. last 4 digits and expiry date are safe to store but its better to check the rules.