What complicated things for me was that I have several credit card numbers that automatically re-bill on a monthly recurring basis. I needed to transfer these numbers from my old merchant to Stripe. The problem I faced was that the credit card numbers are stored through my merchant’s gateway in a way where I could only read the first four and last four digits. I needed to export the entire credit card number over to Stripe so that I could continue re-bill customers for their subscription plans without an interruption in their service.
I was advised to contact First Data to see what their data export procedures were. I did so and was told that they could not export the credit card information for me. I called back a few more times and spoke to different people, hoping I could get someone to help me out. I was repeatedly told that they did not have a way to export data to a new merchant. This essentially meant they were holding my customer credit card numbers hostage, and that they would not give me the information I had collected through my business. Their whole reasoning for not being able to provide me with the credit card numbers was that it would not be PCI Compliant.
After some arguing with a supervisor at First Data, they told me to contact their Customer Service department and they could give me the numbers. I contacted Customer Service and told them I needed to know the full credit card numbers for my recurring billing cards. The lady I spoke with said she did not have a way to digitally send them to me, but that she could give them to me over the phone. Yes, that is right – it is apparently perfectly PCI Compliant to read out full credit card numbers to me over the phone. So, that is what I had them do. I made the customer service department read aloud the full credit card numbers for all of my customers to me over the phone while I then copied them down on my end. I then took that information and manually inputted it into my new account as Stripe. Talk about a ridiculous process. It seems to me that this misses the point of PCI Compliance completely. I would complain about it more, but for now am just happy to have my credit card information so that I can continue charging my customers seamlessly.