Company I work with that uses Paypal is not PCI compliant. What to do?

Wayofcain
Contributor
Contributor
Posted on
‎Aug-17-2017 06:16 PM

Hello,

 

A company I do business is not PCI compliant. They have every customer's credit card information in customer files stored in unlocked file cabinets in their main office and cabinets in other areas around general labor employees. They also keep them written on sticky notes and other various places sitting around. I've even seen them written on their warehouse pick tickets that travek through the entire company. 

 

I am also aware that they keep the Credit Card info in their order system under their customer notes that any and all users can see. They do this because it is easy for them.

 

At this point I need to be a whistle blower because they will not listen and refuse to change. 

 

Who should I report them to, they are currently using PayPal as their credit card gateway.

 

Thanks.

Login to Me Too
Login to Reply or Kudo
3 REPLIES 3

Whac-A-Mole
Frequent Advisor
Frequent Advisor
‎Aug-17-2017 06:43 PM

sloppy record keeping is not a crime,you should talk to the owner as he will understand the consequence,it will hurt his business/

 

Login to Me Too
Login to Reply or Kudo

Wayofcain
Contributor
Contributor
‎Aug-17-2017 06:48 PM

I have, multiple times. They refuse to believe anything is wrong.

Login to Me Too
Login to Reply or Kudo

DPCreations
Frequent Advisor
Frequent Advisor
‎Aug-17-2017 08:56 PM

Do a Google search for Payment Card Industry Standards.  You might find the place to report something.

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.