Helcim Credit Card Data Migration
We believe stored card data belongs to our merchants, and that they should be able to both import their cards to Helcim, or export to another service provider - free of fees or penalites.
Below are step-by-step instructions for importing and exporting cards. Due to the sensitive nature of the information and the manual processes involved, data migration is a one-time service per merchant and exports can only be made to another PCI Level 1 Service Providers with a valid AOC (Attestation of Compliance). Please allow 5 business days for completion.
Please note that you should never email credit card numbers to Helcim, even if encrypted.
Importing Credit Cards to Helcim
At minimum, you need to provide us with a full credit card number and expiry date, as well as some type of identifier (such as customer ID or customer code) so that each credit card can be linked to a particular customer in your Helcim database. Each credit card entry should have its own row (line), and the file should be in a CSV or Excel format. Below are the steps to complete an import:
- Generate a private key and public key using your GPG client.
- Send your public key to your Helcim representative by email.
- Helcim will use your public key to encrypt the login credentials to our SFTP server. These encrypted credentials will be emailed back to you. You will decrypt these using your private key.
- Using Helcim's public key (shown below), encrypt your CSV or Excel file containing the data.
- Upload the encrypted data to our SFTP server and notify Helcim of the file's transfer.
- Helcim will decrypt the file using our private key and import the data.
Exporting Credit Cards to Another Provider
In order to transfer your credit card data to another provider, we will need their attestation of compliance (AOC). They must be a PCI-DSS Level-1 service provider and be accredited on Visa's CISP list. The export data is in CSV format, and will contain the full credit card information as well as corresponding customer information (if available). Below are the steps to complete an export:
- Helcim will email your new service provider with its public key, and ask for them to do the same.
- Helcim will request from the new service provider their SFTP credentials. Service provider should encrypt the SFTP credentials using Helcim's public key.
- Using the new service provider's public key, Helcim will encrypt the data and upload the encrypted file to the new service provider's SFTP server.
- The new service provider will have the ability to decrypt the data using their private key.
Helcim Public Key
Length: 4096 Date Issued: April 26, 2019 Expiry Date: April 26, 2021 (expand code window to the right to see key)