You must keep all cardholder data in your system secure if you want to meet PCI compliance standards. Your Clover or Vital POS system can collect various pieces of cardholder data throughout the day, and all of them enter the same database. This database can hold specific numbers, names, and other identifying details.
While you could use these details for analytics or contact purposes, PCI compliance requires that you keep this data protected at all times. People should get access to these details only on a need-to-know basis. This means the data can be used only when there’s a definite need for it in processing orders.
The process can entail defining which activities you will approve for data access. You can request that data be accessible only when someone is trying to complete a transaction, or when you’re confirming a purchase with a customer. Sometimes data access will be limited to communications between your business and a specific customer. In other cases, it may be for legal or tax-related purposes.
Your merchant services system works best when you know what rules you have for managing cardholder data. All content must be accessible only on a need-to-know basis to ensure nothing is lost in your work. Talk with your employees about what pieces of data they can access, and plan your cardholder database so that only specific employees can log in and access content as necessary.