Labor Day has come and gone, and the “official” start of fall—September 23—is almost here. This means we will soon be entering the holiday season when crime rates steadily increase as fraudsters devise new schemes to fund their activities. With that in mind, it’s time to start buckling down and going the extra mile to lock down and secure your customers’ card data. Here are a few pointers.
Insist on PCI Compliance
Working with a certified PCI-compliant payment processing company whose payment processing solutions and services all adhere to the Payment Card Industry Data Security Standard (PCI-DSS) is one of the best ways for businesses to protect the privacy and integrity of their customers’ card data. Mandated and administered by the Payment Card Industry Security Standards Council, the PCI-DSS was created to reduce credit card fraud by tightening controls around credit card data.
Payment processing companies must comply with the PCI-DSS to an extent that depends on which of its several levels the Council assigns them. E-Complish is a Level 1 PCI-DSS 3.2 Service Provider (the highest level). In order to be certified and re-certified as PCI-compliant, we must undergo an assessment by a third-party Qualified Security Assessor (QSA) who evaluates how we satisfy the requirements contained in the 12 sections of the PCI-DSS. Together, these requirements encompass more than 300 elements, with thousands of pieces of evidence and inspection that the QSA must obtain during the assessment.
Businesses should also make certain to comply with PCI-DSS requirements that dictate how they handle, use, and store card data. According to the PCI-DSS, the only permissible way for merchants to store card data is on devices that require PIN (personal identification number) entry and on payment applications certified by the Council to be in compliance with its Payment Application Data Security Standard (PA-DSS).
Harness Encryption and Tokenization
Both encryption and tokenization protect stored card data by making it unreadable and unusable to anyone who obtains it. Encryption encodes the data so that only authorized parties holding the key can access it. In tokenization, a sensitive data element (such as a credit card number) is replaced with a non-sensitive element, or token, that has no meaning or value on its own. The token acts as an “identifier” of the sensitive data and links back to it only through the tokenization system that issued it. Reputable payment processing companies like E-Complish harness strong encryption and tokenization in their solutions and services.
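To make the tokenization mechanism described above concrete, here is an added, self-contained example (not E-Complish's code or any product's API). It models a minimal token vault: the merchant keeps only a random token and the last four digits of the card, while the full card number lives solely inside the vault and can be recovered only by an authorized caller. The card number, role names and the in-memory storage are constructed for illustration; a production vault would additionally encrypt the stored card numbers at rest, log every detokenization, and run in a separately secured environment.

```python
import hmac
import secrets
from typing import Dict


def luhn_valid(pan: str) -> bool:
    """Basic sanity check that a string looks like a card number (Luhn mod-10)."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Display form that reveals only the last four digits."""
    return "*" * (len(pan) - 4) + pan[-4:]


class TokenVault:
    """Illustrative tokenization system: tokens are random and carry no card data.

    Only the vault can link a token back to its card number, and it will only
    do so for callers holding an authorized role (an assumption of this example).
    """

    DETOKENIZE_ROLES = {"settlement"}  # hypothetical role allowed to see full PANs

    def __init__(self) -> None:
        # Random key used to build a lookup index without storing PANs in the clear.
        self._index_key = secrets.token_bytes(32)
        self._pan_by_token: Dict[str, str] = {}   # token -> PAN (encrypt at rest in reality)
        self._token_by_index: Dict[str, str] = {} # HMAC(PAN) -> token, keeps one token per card

    def _index(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), "sha256").hexdigest()

    def tokenize(self, pan: str) -> str:
        """Replace a card number with a random token; the same card always gets the same token."""
        if not luhn_valid(pan):
            raise ValueError("not a well-formed card number")
        idx = self._index(pan)
        if idx in self._token_by_index:
            return self._token_by_index[idx]
        token = "tok_" + secrets.token_hex(16)   # 128 bits of randomness: no relation to the PAN
        self._pan_by_token[token] = pan
        self._token_by_index[idx] = token
        return token

    def last4(self, token: str) -> str:
        """Non-sensitive detail a merchant may show on a receipt without detokenizing."""
        return self._pan_by_token[token][-4:]

    def detokenize(self, token: str, role: str) -> str:
        """Map a token back to its card number; refused unless the caller is authorized."""
        if role not in self.DETOKENIZE_ROLES:
            raise PermissionError(f"role {role!r} may not detokenize")
        if token not in self._pan_by_token:
            raise KeyError("unknown token")
        return self._pan_by_token[token]


def merchant_order_record(vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """What the merchant's own database would hold: a token and a masked number, never the PAN."""
    token = vault.tokenize(pan)
    return {"token": token, "display": "**** " + vault.last4(token), "amount_cents": amount_cents}


if __name__ == "__main__":
    vault = TokenVault()
    sample_pan = "4111111111111111"  # constructed, well-known test number
    order = merchant_order_record(vault, sample_pan, 4999)
    print(order)                                  # no card number in the merchant record
    print(vault.detokenize(order["token"], role="settlement"))
```

The point the example makes is structural: the merchant's order record contains nothing an attacker could charge against, and even the vault's lookup index is an HMAC rather than the card number itself, so the only place the full PAN exists is the one store that the vault controls and gates behind an authorization check.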
Take Physical Precautions
Close out merchant terminals daily. Limit access to card data to those whose job responsibilities require that they “interact” with it.
When it is necessary to store card data on paper—for instance, in the case of merchandise orders accepted by mail or of patient records—do so under lock and key. Don’t leave documents in unlocked file cabinets or on a desk, where unauthorized staff members (or other unauthorized parties) can easily view them. Shred documents pertaining to specific card transactions as soon as those transactions have been processed.
Data breaches that result from careless handling and storage of card data may not be entirely preventable, but why risk such an occurrence—and your reputation, as well as potentially stiff financial penalties—when it is not difficult to take precautions with data storage? Following the above tips should make businesses less likely to fall prey to fraudsters during the holidays—and at any time of year. Learn more about how E-Complish can help by clicking here.