PCI Compliance and storing credit card data


Unless your business is Payment Card Industry Data Security Standard (PCI-DSS) compliant, you are not allowed to store credit cards in a non-secure manner (that is, in a manner that you can actually read the digits of the card, the expiration date, or the CVV code). Tock uses a third party credit card processor to store all payment credentials to meet the stringent requirements of PCI-DSS.

Storing credit card information in Guest Notes, Visit Notes, or Day notes is not permitted under the terms of Payment Card Industry rules and regulations. In addition, it is neither permitted under your contract with Tock nor the terms of Tock’s contract with our payment processor.

If you wish to store any credit card information via Tock (including card number, card expiration date, or CVC code), you must use the “Enter payment card details” screen in Tock’s “Book Reservation” flow which will securely store the cardholder data with our credit card processor. Be sure to tick the “Save credit card?” box to save the cardholder data.