Cyber Application: Protected Personal Information Records Question

Cyber Application: Protected Personal Information Records Question

Cyber Application: Protected Personal Information Records Question
By 
Pathpoint
Jul 20, 2021
LinkedIn Icon


Struggling with this question on our application? Here’s what you need to know:

Most companies accept credit cards for payment, but that’s not what this question is asking. If your client has a payment processor that they built themselves, then you should answer yes to this question. Otherwise, they likely aren’t collecting Personally Identifiable Information (PII) about people’s credit cards.

Another way to look at it is if the client is actually storing the credit card numbers and other information, or if they just let people pay through a third party tool.

This is because tools like Paypal, Square, Squarespace, and Shopify all handle the credit card payments for businesses, so the business is not actually privy to or storing their client’s credit card information. If this is the case, then you should answer no to this question.

Questions to ask:

  • Do you have a payment processor you built? If so, are you PCI compliant? How do you protect this data?
  • Do you see the credit card numbers people use to pay?

More From Our Blog

Explore all posts