PCI Security and Credit Card Data Masking
Back in May, we shared the following information in a system update blog post:
The security of the Limo Anywhere system and the protection of cardholder data are of the utmost importance to us. This is why your system includes functionality that allows you to prohibit your personnel from seeing the full credit card details of your customers.
Limo Anywhere continues to abide by the applicable regulations, in addition to the best security practices in the industry. We are implementing an important change to our system for operators processing payments within Limo Anywhere. In the coming weeks, users will no longer be able to access full credit card details once they have been entered into the system.
We believe that this modification, while pertaining to a feature that is not strictly necessary for the provision of your services, will place you in the ranks of the operators with the highest data protection and security standards in the industry.
Some customers already have this enhanced security feature, and soon, everyone who uses Limo Anywhere to process payments will have it. Recently, as a few of you have begun to experience this functionality, we’ve received some requests for more information and/or assistance. We’ve compiled these FAQs to answer that need:
- What exactly is changing about the visibility of credit card data?
Today, most customers are able to access full card details by re-entering their password when attempting to view a credit card. To provide a higher level of security and reduce your risk, this enhancement will remove that ability for companies that process credit cards within Limo Anywhere using a supported payment gateway.
- Why is Limo Anywhere making this change?
The security of the LA System and cardholder data protection is of the greatest importance. We believe this change will place you in the ranks of the operators with the highest data protection and security standards in the industry.
- Is this change required by credit card processing regulations?
PCI Compliance Regulations require that access to credit card data be on a strictly “need-to-know” basis. In other words, if there is not a legitimate business reason for viewing this data, you should not be able to access it. So, while not required per se, this change meets that standard, and ultimately protects you (and your clients) from unnecessary risk exposure.
- Who will be affected by this change?
This enhanced security protection will be rolled out by default to those operators who are processing credit cards within Limo Anywhere on a supported payment gateway.
- Can I opt out of this feature?
We recognize that companies that do not process payments within Limo Anywhere will need access to full credit card data in order to process through a third-party payment terminal. Therefore, we will not be adding this security protection to your systems.
If you do process payments in LA but still need to opt out of this security enhancement, we have the ability to do that for you. Note that your request to opt out and your reasons will be documented for our own compliance purposes.
More information on LA’s payment-related improvements is available on our website.