We’ve a problem with the paperwork for the credit card companies: Payment Card Industries compliance, or PCI. Our provider has two types of PCI compliance form: if employees just take credit card numbers and pass them on, the form is simple – six fairly straightforward questions. If employees have access to stored credit card data, the form is ridiculously painful: more than 50 questions, each similar to: “Do you do regular full system security audits? Why not?”.
The problem is that for Infusionsoft to take credit card payments the card details need to be entered permanently with the customer record, and an employee can view them on entering their password. There’s no need for this functionality; we never need to see credit card data because Infusionsoft manage all the payments. But we can’t find a way to get rid of it, and for as long as we have it we cannot complete the PCI accreditation.
The only solution we’ve found so far is to stop taking credit card payments, ridiculous as it sounds.
Is there any way to prevent the ‘View credit card’ dialog for users? Could the IFS admins tweak the permissions for that table, or something?