For new business owners, determining how people will pay for their goods or services is a primary concern. However, it’s a decision that might be easily overlooked as a new business moves to launch. Website design, shop fit-out, hiring employees and acquiring stock usually take priority leaving little time to consider backend setup. Depending on the type of business, there are several payment systems available to collect credit card information. Below, we outline the risks associated with collecting, storing and using credit card data and compliance with the Payment Card Industry Data Security Standards (PCI DSS).

What are the Risks?

Credit card fraud is a major problem in the Australian economy. Collecting and storing credit card information exposes you to unscrupulous individuals stealing the information to make illegal payments. Online payment systems such as eWay, Braintree and Paypal can afford to invest a considerable amount into developing secure systems and software which collect and store credit card data.

The increasing sophistication of hackers makes it crucial to store credit card details behind secure firewalls and other systems making it impossible to access such valuable personal details. If you collect credit card information, you will need to consider encrypting data in transit or otherwise restricting access to cardholder data.


If you’re still determined to collect credit card details online, then you will need to be familiar with the PCI DSS. The PCI DSS are a set of standards outlining how every entity which processes, stores or transmits cardholder data must protect this data. If you collect cardholder information, ensure that you are first prepared to meet these rigorous standards by:

  1. Building and maintaining a secure network by installing and maintaining a firewall configuration;
  2. Protecting cardholder data by encrypting the transmission of cardholder data across open, public networks;
  3. Maintaining a ‘vulnerability management program’ by using and regularly updating anti-virus software and developing and maintaining secure systems in general;
  4. Assigning each person with computer access a unique ID and restricting physical access to cardholder data;
  5. Regularly monitoring and testing networks by tracking all access to network resources and regularly testing security systems/processes; and
  6. Maintaining an information security policy which addresses all information security for all personnel.

The PCI DSS are strict standards, and you may be much better off handing control of cardholder data to a specialist while you focus on your new business. Alternatively, you should seek advice about complying with the PCI DSS so that you do not inadvertently allow someone to hack your server’s details, leaving you liable for cardholder losses.


In short, you should seriously think before you elect to collect and store cardholder information. You need to store information incredibly securely, which would best be done by specialists. If you collect data, you need to comply with the PCI DSS, and you should seek specific legal advice on how you can create a secure payments system. If you have any questions about compliance or how to store your data securely, get in touch with our IT lawyers on 1300 544 755.

COVID-19 Business Survey
LegalVision is conducting a survey on the impact of COVID-19 for businesses across Australia. The survey takes 2 minutes to complete and all responses are anonymous. We would appreciate your input. Take the survey now.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. For just $199 per month, membership unlocks unlimited lawyer consultations, faster turnaround times, free legal templates and members-only discounts.

Learn more about LVConnect

Chloe Sevil
Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.
Our Awards
  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2019 NewLaw Firm of the Year - Australian Law Awards 2019 NewLaw Firm of the Year - Australian Law Awards
  • 2020 Fastest Growing Law Firm - Financial Times APAC 500 2020 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review 2020 AFR Fast 100 List - Australian Financial Review
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards
  • Most Innovative Law Firm - 2019 Australasian Lawyer 2019 Most Innovative Firm - Australasian Lawyer
Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at

View Privacy Policy