Navigation

 ·   Wiki Home
 ·   Wiki Help
 ·   Categories
 ·   Title List
 ·   Uncategorized Pages
 ·   Random Page
 ·   Recent Changes
 ·   RSS
 ·   Atom
 ·   What Links Here

Active Members:

Search:

 

Create or Find Page:

 

View PCI Compliance - Credit Card Data Purging

Category:Security
Category:Credit Card Processing

How to purge old credit card data from your system

According to Payment Card Industry (PCI) standards and requirements, which you are contractually obligated to follow by your credit card processor, you must define a company data retention policy. This policy will dictate, among other things, how long you will store and retain sensitive data regarding your clients.  This means that you must periodically flush your database of any credit card numbers, card expiration dates, Address Verification Service details, etc.  For most Hudson clients, this means that you must remove stale or outdated credit card details from:

     
  • Stored user profiles
  •  
  • Credit Card transaction history
  •  
  • Reservation records

If you are using the Hudson HGTS system to process credit card payments, you may use a series of Hudson provided tools (effective version 1.94 build 5195) to meet these requirements. The steps below explain how to purge your system of historical credit card information and history, when no longer required and according to your company’s data retention policy.

The steps below should only be done by an authorized network administrator. The actions described below result in data being removed from your system. The actions are irreversible and cannot be undone. Once completed, the data that has been deleted cannot be retrieved.

Enable DB Management Privilege

You must have a specific User Access privilege enabled for your HGTS login id in order to delete Credit Card data using the tools below.  Network or system administrators should check their user privileges: you need to locate and enable the following:

Admin: DB management (security)


If the privilege is checked, it has been enabled.  The remaining steps outlined below are all done from the HWeb Admin system component. NOTE: In all the steps below, all information in a field named SecureData is erased. This SecureData field, if viewed in a dispatcher grid, displays the results of Hudsons sophisticated data encryption process and is illegible.  If a credit card number exists in a reservation, CC transaction record, profile, etc, it will continue to be visible but only in a masked format, showing only the last 4 digits.  Users, even those operating under Special Edit Mode, will NOT be able to view the original or entire credit card number once the SecureData fileld is cleared.

Sample SecureData field

The Hudson Group has a very robust data encryption process. Sensitive data is stored, encrypted, in various tables in the back end database. If you were to open a Reservations Grid, User Profile Grid, or CC Transactions Grid, you will see a field named SecureData. This is where the encrypted data is stored and retrieved from.  This is what typical SecureData fields look like:

SecureData2.png

Clear Credit Card data from User Profiles

Follow these steps to remove credit card data from profiles that have not been used in a specified amount of time. This process does not remove the user profile, it only removes the credit card data from the profile, based on when the profile was last used to make a reservation.

     
  1. Login to HWeb Admin
  2.  
  3. Browse to Database Utilities -> Purge secure CC data -> Profiles by last used date
  4.  
  5. Purge BEFORE (Date field): Enter the desired date. Note: the SecureData will be cleared for all records OLDER than this date
  6.  
  7. Select Purge Speed (See notes below)
  8.  
  9. Update Records
           
    • Unchecked - Returns list of how many records would qualify for processing
    •      
    • Checked - Actually results in records being processed and data cleared
  10. Fast Processing
           
    • Unchecked - process speed determined according to Purge Speed setting above. Purge process may be stopped or interrupted after beginning. Time to process depends on number of records being cleared. Can take several minutes or more.
    •      
    • Checked - Hides the Purge Speed drop list above. Results in very fast clearing of records (several seconds only). May NOT be stopped once begun.
  11. Press the “Execute” button to begin the purge process

A note about Purge Speed setting: Generally, it is permissible to leave the Purge Speed to Fastest. When a database has a very large number of records and / or a very large number of simultaneous users, it may be advisable to chose “Faster” or “Normal.” Selecting Fastest, Faster, or Normal will result in each record in the database table being examined and processed individually.  To test the functionality and result of clearing the SecureData field, you may wish to locate the user profile with the oldest ReservationLastTOD date (launch a User Profiles Grid in Dispatcher and sort by this column). Set this date as the Purge Before date and then use the “Fastest” setting.  Observe how the Purge function works. You can stop it if needed and can also then check the profile(s) and see how the Credit Card data in that profile have been changed.  Once you are comfortable with the process, you can proceed to the “Fast Processing” option to complete the purge process in a much shorter time.

Clear Credit Card data from Reservations

Follow these steps to remove credit card data from “current” reservations. If your database has reservations that are from months to years old, it is unlikely that you will need to retain the actual credit card number any longer.

     
  1. Login to HWeb Admin
  2.  
  3. Browse to Database Utilities -> Purge secure CC data -> Reservations by pickup date
  4.  
  5. Purge BEFORE (Date field): Enter the desired date. Note: the SecureData will be cleared for all reservations where the Pickup Date is OLDER than / prior to this date
  6.  
  7. Select Purge Speed (See notes below)
  8.  
  9. Update Records
           
    • Unchecked - Returns list of how many records would qualify for processing
    •      
    • Checked - Actually results in records being processed and data cleared
  10. Fast Processing
           
    • Unchecked - process speed determined according to Purge Speed setting above. Purge process may be stopped or interrupted after beginning. Time to process depends on number of records being cleared. Can take several minutes or more.
    •      
    • Checked - Hides the Purge Speed drop list above. Results in very fast clearing of records (several seconds only). May NOT be stopped once begun.
  11. Press the “Execute” button to begin the purge process

A note about Purge Speed setting: Generally, it is permissible to leave the Purge Speed to Fastest. When a database has a very large number of records and / or a very large number of simultaneous users, it may be advisable to chose “Faster” or “Normal.” Selecting Fastest, Faster, or Normal will result in each record in the database table being examined and processed individually.  To test the functionality and result of clearing the SecureData field, you may wish to locate the reservation with the oldest PickupTOD date (launch a Reservations Grid in Dispatcher and sort by PickupTOD column). Set the next day as the Purge Before date and then use the “Fastest” setting.  Observe how the Purge function works. You can stop it if needed and can also then check the reservation and see how the Credit Card data in that record has been changed.  Once you are comfortable with the process, you can proceed to the “Fast Processing” option to complete the purge process in a much shorter time.

Clear Credit Card data from Archived Reservations

Similar to the process immediately above, this is the action you will take when reservations have been moved to your archive table.  Archived reservations may still be searched, reported and managed, but typically are months or years old and retained primarily for reporting needs.

     
  1. Login to HWeb Admin
  2.  
  3. Browse to Database Utilities -> Purge secure CC data -> Archive reservations by pickup date
  4.  
  5. Purge BEFORE (Date field): Enter the desired date. Note: the SecureData will be cleared for all archived reservations where the Pickup Date is OLDER than / prior to this date
  6.  
  7. Select Purge Speed (See notes below)
  8.  
  9. Update Records
           
    • Unchecked - Returns list of how many records would qualify for processing
    •      
    • Checked - Actually results in records being processed and data cleared
  10. Fast Processing
           
    • Unchecked - process speed determined according to Purge Speed setting above. Purge process may be stopped or interrupted after beginning. Time to process depends on number of records being cleared. Can take several minutes or more.
    •      
    • Checked - Hides the Purge Speed drop list above. Results in very fast clearing of records (several seconds only). May NOT be stopped once begun.
  11. Press the “Execute” button to begin the purge process

A note about Purge Speed setting: Generally, it is permissible to leave the Purge Speed to Fastest. When a database has a very large number of records and / or a very large number of simultaneous users, it may be advisable to chose “Faster” or “Normal.” Selecting Fastest, Faster, or Normal will result in each record in the database table being examined and processed individually.  To test the functionality and result of clearing the SecureData field, you may wish to locate the archived reservation with the oldest PickupTOD date (launch a Reservations Grid in Dispatcher, set the view to Archive, and sort by PickupTOD column). Set the next day as the Purge Before date and then use the “Fastest” setting.  Observe how the Purge function works. You can stop it if needed and can also then check the reservation and see how the Credit Card data in that record has been changed.  Once you are comfortable with the process, you can proceed to the “Fast Processing” option to complete the purge process in a much shorter time.

Clear Credit Card Transactions

If you use the HGTS application suite to submit credit cards to a processor, each card / reservation charged creates a record in a database table named CC Transactions. This table is used to generate reports. Some Dispatch grids may also pull and display information from this table. The steps below do not delete entries from the CC Transactions table, it only clears information from the previously mentioned SecureData field.  Reports and Dispatch grids should not be effected by the performance of this purging action.

     
  1. Login to HWeb Admin
  2.  
  3. Browse to Database Utilities -> Purge secure CC data -> CC transactions by transaction date
  4.  
  5. Purge BEFORE (Date field): Enter the desired date. Note: the SecureData will be cleared for all CC Transaction table records OLDER than this date
  6.  
  7. Select Purge Speed (See notes below)
  8.  
  9. Update Records
           
    • Unchecked - Returns list of how many records would qualify for processing
    •      
    • Checked - Actually results in records being processed and data cleared
  10. Fast Processing
           
    • Unchecked - process speed determined according to Purge Speed setting above. Purge process may be stopped or interrupted after beginning. Time to process depends on number of records being cleared. Can take several minutes or more.
    •      
    • Checked - Hides the Purge Speed drop list above. Results in very fast clearing of records (several seconds only). May NOT be stopped once begun.
  11. Press the “Execute” button to begin the purge process

A note about Purge Speed setting: Generally, it is permissible to leave the Purge Speed to Fastest. When a database has a very large number of records and / or a very large number of simultaneous users, it may be advisable to chose “Faster” or “Normal.” Selecting Fastest, Faster, or Normal will result in each record in the database table being examined and processed individually.  To test the functionality and result of clearing the SecureData field, you may wish to locate the CC Transaction with the oldest Transaction Date (launch a CC Transactions Grid in Dispatcher and sort by the Transaction Date column). Set the next day as the Purge Before date and then use the “Fastest” setting.  Observe how the Purge function works. You can stop it if needed and can also then check the CC Transactions grid and see how the Credit Card data in that profile has been changed.  Once you are comfortable with the process, you can proceed to the “Fast Processing” option to complete the purge process in a much shorter time.

Categories: