Is It Unethical For Businesses to Store Credit Card Information?

Most businesses are privy to private data of their clients, including their credit card information. The security of consumer credit card information is a significant issue from technological and strategic perspectives. Most consumers are against the notion of businesses storing consumer credit card information due to fear that consumer information might be compromised. Ethical concerns arise due to cases of companies being exposed to misusing credit card information or selling consumer data to third-party vendors. Fortunately, the PCI and HIPAA regulations exist, which ensure that companies that accept and store credit card information follow the guidelines that warrant that consumer information is protected against privacy violations, misuse, and attacks from hackers. It is not unethical for businesses to store credit card information because it promotes convenience for customers to avoid re-entering their information when shopping and allows companies to charge clients for money owed automatically. On the other hand, the Christian perspective urges believers to avoid debts and putting their trust in lenders. Furthermore, the Bible tells Christians to conduct themselves in fear, as they would be judged according to their deeds. While the secular and Christian perspectives are similar in advocating for businesses to handle themselves in integrity when handling consumer credit card information, the two differ in the idea of engaging in this practice to make purchases on credit.

A Bankrate poll indicated that 64% of American consumers store their credit card information online as they believe that their data is safe (Larson, 2019). Thus, safety issues are not a concern to most American consumers. The poll also indicated that most consumers have the habit of saving their credit card information on mobile payment applications, including Google Pay, Samsung Pay, and Apple Pay (Larson, 2019). Unfortunately, most consumers choose saving time due to the convenience of shopping online with their credit information stored on the payment platforms without considering safety concerns. The Bankrate poll also indicated that most consumers trust that the companies storing their credit card information are looking out for them. Most American consumers trust their companies and believe that they will resolve any issues that may erupt concerning their credit card information (Larson, 2019). However, Jackson (2019) asserts that consumers are becoming more concerned about privacy and security issues as more companies are falling prey to hackers.

Ethical Concerns about Storing Credit Card Information

There is a surge in companies being exposed to privacy violations, misusing consumer data, and unethical online marketing practices. Such cases have Tepper (2019) agrees with these observations that an estimated 80% of American consumers own a credit card. Transactions involving a credit card have a bounty and other benefits in the form of free flights or chargebacks. These offers have made many consumers look out for such offers and bounties as they are allegedly free. However, Tepper (2019) asserts that most consumers are unaware that there is nothing free about these offers. What consumers do not know is that businesses with credit card information track consumer data to identify the most effective offers that will spike the interests of consumers. Banks earn from interchange fees by partially financing credit card offers through charging the stores. On their part, merchants raise prices on shoppers to get back the money used on the bounties (Tepper, 2019). Furthermore, banks profit from late-payment fees, interests, and annual fees.

Consumers end up paying higher prices for most products so that banks and merchants can compensate for the offers and bounties provided for consumers. However, consumers do not know how the interchange system works. As a result, consumers end up spending more money on offers, as they get charged more from their cards. Another ethical issue associated with storing consumer credit card information is whether companies are invading the consumers’ privacy. Secondly, consumers do not have a guarantee of whether companies are making ethical decisions using their cards. Thirdly, there are concerns about whether consumers know the information collected from them (Jackson, 2019). Wilson et al. (2018) assert that companies that store consumer credit card information should comply and follow the rules outlined by the card brands. However, there is no way for consumers to ascertain whether the companies holding their credit card information are abiding by the PCI rules.

Why Businesses Store Credit Card Information

Technological developments have resulted in many consumers opting to make purchases online. Furthermore, credit cards have made it easier for people to carry money virtually instead of moving around with bulk amounts of money. Storing credit card information is a convenient strategy for many businesses. Many merchants prefer to store consumers’ credit card information as it allows consumers to make purchases without having to re-enter their information (Wilson et al., 2018). With credit card information in a database, it becomes easier to automatically bill a credit card, making the transaction seamless and fast (Fox, 2019).

According to Huggins (2019), many companies prefer to store consumer credit card information to avoid losses from situations where a client has failed to pay for products or services they owe a business. A company can automatically charge a client if one fails to show up, thus automatically collecting the amount owed. Most companies store consumer credit card information from the free trials that most of their products have. Most consumers do not realize that these companies still hold their credit card information even after the trial is over (Larson, 2019). Primarily, businesses store credit card information by scanning both sides of a credit card and storing their information in a file or an electronic system. However, Fox (2019) outlines that this method might be risky as a business owner cannot monitor those who have access to the files. Therefore, making copies of the credit card information is risky as it exposes data to malicious parties. Instead, companies can utilize software and services from third-party providers to ensure that credit card information is stored in a server of a system that is less likely to be compromised. Businesses also prefer to store consumer credit card information to aid in their marketing in terms of targeting and segmentation (Jackson, 2019). Storing consumer credit card information allows businesses to track their shopping habits and preferences. This data can prove to be useful for tailoring search results and ads to suit consumers’ preferences. Consequently, marketers can present consumers with ads that suit their needs instead of showing random and unnecessary ads that might prove annoying to consumers.

The Christian Perspective on Storing Credit Card Information

According to Biblical principles, Christians should not take part in evil practices. Ephesians 5:11 urges Christians not to “Take no part in the unfruitful works of darkness, but instead expose them.” Similarly, storing credit card information is not unethical. However, what matters is how businesses use the data in the interest of consumers who have trusted them with sensitive information. Furthermore, Peter 1: 11 asserts that God “judges impartially according to each one’s deeds, [so] conduct yourselves with fear throughout the time of your exile.” In the same manner, businesses will be judged for how they treat their consumers and their private information. On the other hand, the Bible urges Christians to avoid debt and to also ensure to pay their debts. Therefore, the notion of storing consumer credit card information to make automatic deductions for money owed goes against Christianity principles. According to Proverbs 22:7, The rich rules over the poor, and the borrower becomes the lender’s slave.” Therefore, when businesses store consumer credit card information, they increase the tendency of consumers going into debt with the mentality of paying later once funds hit their accounts.

Comparison between the Contemporary and Christian Perspectives

There are various similarities and differences between the secular worldview and the Christian perspective on storing credit card information. Similarities exist in the issue of confidentiality and integrity when handling private consumer information. According to Titus 2:7, a Christian should “Show yourself in all respects to be a model of good works, and in your teaching show integrity, dignity.” Therefore, businesses that store consumer information are urged to be a model of good works by ensuring that they uphold the trust their clients have in them to handle private data. Furthermore, the Bible outlines that whoever slanders his neighbor secretly I will destroy. Whoever has a haughty look and an arrogant heart I will not endure (Psalms 101: 5).” According to this verse, businesses must protect consumer credit card information from misuse or hackers. In the same manner, the Payment Card Industries Securities Standards Councils (PCI) is a security and safety standard that requires businesses to conduct a risk analysis and management process coupled with implementing various security measures (Huggins, 2019). MasterCard, Discover, Visa, and American Express created PCI to protect consumers and card brands. Accordingly, the PCI provides guidelines and provisions that the businesses must follow to minimize data security breaches (Fox, 2019). According to HIPAA Journal (2017), PCI applies to all businesses that accept credit cards as a payment system. Moreover, PCI applies to all companies that handle, store, or process cardholder data. Violations of the PCI guidelines can result in adverse legal ramifications. In this manner, businesses are advised not to file consumer credit card information, record them into a logbook, or enter the card numbers into a spreadsheet.

While the secular worldview believes that storing consumer information is essential to make deductions for money owed, the Christian view advices against debt. According to the secular worldview, it is not unethical for companies to store consumer credit card information because this gives a firm the power to deduct payments from a client’s card even without their knowledge. Consumers have the right to know when deductions are made on their cards. However, most companies, particularly, therapists, have the habit of implementing a policy that requires clients to provide credit card information for storage and later use. Fortunately, under the HIPAA and PCI provisions, companies are obligated to obtain consent from consumers before making charges on their credit cards.

A client will have to sign to provide evidence of consent to the charges made on their cards. Without this, a client has the liberty to request a chargeback (Huggins, 2019). Nevertheless, there are several advantages to holding credit card information. Businesses have a safety net as they can collect money, and deductibles owed to them as long as a client is aware of the existence of such a procedure. The Christian perspective on the other hand urges believers to avoid the habit of borrowing money of putting their trust in lenders. Proverbs 22: 26-27 outlines that Do not be among those who give pledges, among those who become sureties for debts. If you have nothing with which to pay, why should he take your bed from under you?.” Christians are urged against allowing their information to be stored online to purchase things and make payments later.

Regulations about Storing Credit Card Information

There are various risks to storing credit card information online. First, storing credit cards online introduces the risks of being victims of hacking, thus ending up losing their money. HIPAA outlines the security issues associated with electronic payment systems (Huggins, 2019). This regulation requires businesses to ensure that the right protocols are followed to guarantee the safety and privacy of credit card information. Thus, it is ethical for businesses to store credit card information, as there are steps taken to ensure that clients’ credit card information’s privacy and security are guaranteed. Most importantly, businesses are advised to confirm whether it is possible to retrieve the full account number of clients’ credit cards from their systems. If that is the case, then such a business is not compliant with the PCI-DSS and is subject to security breaches (Fox, 2019). Such a business faces the risk of penalties and fines from credit card companies. Moreover, consumers can sue a business if the credit card information is stolen due to negligence on the part of the business. Expressly, companies are advised to store their consumer’s credit card information using a merchant service provider. This way, it becomes easier to guarantee the safety of consumer’s credit card information. 


Companies that store consumer credit card information should know the ethical and legal issues involved in handling private consumer information. According to the Web Analytics Code of Ethics, businesses should disclose their consumer data practices to their clients (Hanks, 2017). Along these lines, clients should be aware of how their credit card information is used, including whether it is sold to third party vendors. According to the PCI guidelines, all organizations that use or store credit card information are mandated to install a UTM appliance or firewall to act as a defense against hackers that might attempt to access sensitive data. Organizations have the responsibility under the PCI and HIPAA to implement appropriate security measures to ensure that credit card information stored on the servers, cloud, or mobile devices are protected against malicious attacks (HIPAA Journal, 2017). Companies should also conduct regular tests on their security systems to ensure that all risks are identified and eliminated, especially when they are changed or upon the introduction of new technologies.

Additionally, organizations should advise consumers on using passwords that are not easily accessible. Changing them often is another strategy in protecting consumer credit card information. Another element to note is that businesses should restrict access to consumer credit card information to the minimum amount in their business entities. Therefore, not all personnel in a business organization should have access to the stored consumer credit card information. Companies should also track and monitor cardholder data to identify those who have access to the stored credit card information (HIPAA Journal, 2017). Encryption is another method businesses can use to ensure that messages and sensitive consumer data are impenetrable (De Vivo & Gamess, 2017). This makes it impossible for unauthorized personnel to access sensitive information. Therefore, the encryption of customer information promotes the integrity and confidentiality of sensitive information.

Overall, it is not unethical for companies to store credit card information because it allows seamless transactions when shopping. It also provides a guarantee for businesses that they will receive any money owed. The debates over moral and ethical concerns are increasingly on the rise due to online commerce’s upsurge. Advances in internet technology have made it easier for consumers to conduct transactions online or pay for services and products using credit cards. This eliminates the burden of having to carry bulk amounts of cash around when shopping. However, this trend of using credit cards in making payments has resulted in many businesses opting to store their consumers’ credit card information. Primarily, businesses store their consumers’ credit card information to avoid the trouble of having to re-enter client information when making payments. Furthermore, businesses have a guarantee of receiving the money owed as they can make automatic deductions from their clients’ credit cards in case of late payments. Companies can also track and collect data from their clients’ spending habits, thus tailor their marketing to suit the preferences and needs of their clients. Due to these reasons, it is unethical for businesses to store their consumer credit card information due to the many benefits and convenience it offers to both companies and clients. Furthermore, there are rules and regulations in place as mandated by the HIPAA and PCI to govern the storage of credit card information by a business. These regulations ensure that consumer information is protected from hackers or any form of privacy intrusion. The Bible urges everyone to follow the law while on earth, therefore, every business should make sure they do the ethical thing and protect the consumers’ credit card data.


Bible, K. J. (2000). The Holy Bible KJV.

De Vivo, D., & Gamess, E. (2017). Application to Quickly and Safely Store and Recover Credit Card’s Information, using Tokenization and Following the PCI Standards. International Research Journal of Engineering and Technology (IRJET), 4(8), 1446-1492.

Fox, V. (2019, February 21). Is it Illegal to Have Copies of Credit Cards in an Office? Biz Fluent.

Hanks, G. (2017, November 21). E-Business Ethical Issues on Selling Personal Information. Chron.

HIPAA Journal. (2017, November 20). PCI and HIPAA Compliance Comparison.

Huggins, R. D. (2019, December 14). Holding Client Credit Card Info On File: Why and How To Do It. Person Centered Tech.

Jackson, A. (2019, May 8). Should consumers be concerned about businesses tracking data online? Mike Ilitch School of Business

Larson. K. (2019, October 26). Why You Shouldn’t Save Your Debit or Credit Card Numbers on Store Websites or Apps. Fortune.

Tepper, T. (2019, March 11). The Credit Card Rewards Game Is Unfair-But Is It Unethical? Wirecutter.

Wilson, D., Roman, E., & Beierly, I. (2018). PCI DSS and card brands: Standards, compliance and enforcement. Cyber Security: A Peer-Reviewed Journal2(1), 73-82.

error: Content is protected !!