This article will overview the credit card security measures in Handbid.
You may often hear the words, PCI Compliance, and not really know what it means. PCI stands for the Payment Card Industry and the compliance part refers to what is called PCI DSS, "Payment Card Industry Data Security Standard." PCI DSS is a set of industry requirements that govern how a business handles, processes, or stores credit card information. Since many businesses do this in different ways (online, in person, or through 3rd parties) and process a varying number of transactions, PCI DSS defines various levels and requirements businesses must meet within those levels.
Based on the number of transactions we process, Handbid is required to complete a Self Assessment Questionnaire (SAQ) and implement certain security procedures and policies that comply with the PCI-DSS standard. In conjunction with our merchant gateway providers, we have completed the appropriate assessments and can provide them to our customers upon request. In short, we maintain the level of PCI-DSS compliance we are required to maintain.
DOES THE HANDBID PLATFORM STORE CREDIT CARD INFORMATION?
The short answer to this question is "no". Credit card information is not stored on Handbid servers. Users in the app or web securely connect directly to our merchant provider to submit their credit card information. Our merchant provider returns a secure token to our servers which we can use to either charge or refund the user's credit card. The only other operation we can do on the card is delete the card's token so it can no longer be used. Under no circumstance does Handbid or its employees have access to the bidder's submitted card information.
WHAT ABOUT AT EVENTS?
If you are collecting credit card information at events and entering that data directly into the Handbid interface, that form is securely connected to our merchant gateway. Handbid will not process that card information through any of our servers. However, your staff and volunteers may be handling a guest's credit card and we recommend you implement strict monitoring and procedures around how to properly handle a user's credit card at an event. Under no circumstance is Handbid liable for your team's misuse or mishandling of a bidder's physical credit card at an event.
HOW DOES PAYMENT WORK?
We strongly encourage you to set up a merchant account with our gateway provider and connect it to your organizational account in Handbid. This will allow proceeds to pass directly from your auction into your gateway account and eventually your bank account. We have videos on how to set this up or can provide you information on how to do this if you contact support.