The Jonajo Blog

NEVER store these 5 Types of Customer Data

What is one of your most important assets in running a business? Your customers! Without customers, you don’t have a business. This is why it is important to safeguard your customer data with the highest levels of security. However even if your database is highly secure, here are 5 types of customer data which you should NEVER store in your database.

1. Credit Card Numbers

As a business, you should NEVER store credit card numbers in your database. Credit cards are the type of customer data which are highly regulated and are illegal to store in your database unless your company is PCI DDS compliant. The average fine for a data breach is $36,000. Only companies that are compliant to the Payment Card Industry Data Security Standard (PCI DDS) may store credit card information if they have a legitimate business reason. If your business has a reason to “keep a credit card on file”, you’d better be PCI DDS compliant, or use a payment processor which is PCI DDS compliant and can store credit card information for you.

2. Social Security Numbers

Social Security Numbers are a type of customer data which is Personally Identifiable Information (PII). As such Social Security Numbers are a prime target for identity thieves. Unless your software uses very strong encryption and only displays the last 4 digits of these Social Security Numbers, you should NEVER store these in your customer database.

3. Medical Information

Any medical information such as medication taken, doctor appointments, prescriptions, blood test results are considered Protected Health Information (PHI). PHI is regulated by HIPAA which requires your company to be HIPAA compliant. Unless you are HIPAA compliant, NEVER store medical information as customer data.

4. Passwords

If you require your customers to login to your customer portal using passwords, you may want to store and encrypt your users’ passwords, right? While many applications do this, it gets increasingly more difficult to protect passwords and store them securely. Unless you have a strong software development team, you are better off allowing your customers to access your customer portal using their Google ID or Facebook ID by integrating your customer portal using OAUTH. Most people re-use their passwords on multiple sites, so passwords are NOT the type of customer data which you want to store.

5. Security Questions

Have you ever had to answer questions such as your Mother’s Maiden Name or the name of your favorite pet? These are type of customer data that are often stored in a database as plain text. Furthermore, they are easy to find out using social engineering and other hacking techniques. Identity thieves hack databases and look for passwords and security data. Unless you know how to ask and secure security questions, you should NEVER store them as customer data.

If you are storing any of these 5 types of customer data in your database, and you don’t know how to handle them securely, contact me for a FREE consultation.


About author View all posts

Kristian Widjaja

Kristian Widjaja is the Founder and President of Jonajo Consulting. He has over 20 years of experience in Silicon Valley companies such as Oracle, PayPal, and various startups.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.