Jane Haley 2017-10-03 02:04:05
IF YOU ACCEPT CREDIT CARDS, IT IS YOUR JOB TO PROTECT CUSTOMERS’ DATA

“If it ain’t broke, don’t fix it!” “I have no idea who processes our credit cards, but it works!”

If your business accepts credit cards for payment, you are obligated to keep your customers’ information safe from attack. You need to know how it works, even if it ain’t broke. Many businesses, however, especially small- to medium-sized companies, are unsure of how much security is required and how much is enough. Here are three common myths about data security and how to address them.

1. BREACHES ONLY HAPPEN TO BIG-BOX RETAILERS

The Verizon 2017 Data Breach Investigations Report indicated that 61 percent of data breach victims were businesses with under 1,000 employees. Small to medium businesses are highly vulnerable. Why? Because they typically are less sophisticated technologically, making them an easier target for hackers and carders.

The main purpose for businesses that store, transmit or process credit cards must be to guarantee that they have a secure Cardholder Data Environment (CDE). Treating compliance as a one-time annual event and focusing only on the compliance assessment survey can create a false sense of security. Therefore, businesses must implement compliance procedures by identifying all locations and flows of cardholder data, ensuring all applicable system components are included in scope for the PCI Data Security Standard (PCI DSS). To help businesses understand and implement standards for security policies, technologies and ongoing processes that protect their payment systems from breaches and theft of cardholder data, the PCI Security Standards Council (PCI SSC) adopted a standard 12-step requirement (see chart).

2. PCI COMPLIANCE IS TOO EXPENSIVE

The cost to a business that misses the PCI boat can be endless. The requirements to maintain PCI compliance may seem like a lot of work and money, but the flip side can be catastrophic.
If your business suffers a data breach and the PCI DSS forensic examination (which is paid for by the business) determines you are not compliant, you are subject to fines against your business. The fines can range from $5,000 to $500,000. You also may be fined $50 to $90 per cardholder that was compromised. And there is more. Most states require you to notify your customers that their financial information may have been compromised, and you probably will have to do it more than once. You may also be required to provide a year’s worth of credit card monitoring for each cardholder, and don’t forget about the liability lawsuits.

The out-of-pocket expenses are just the beginning. You will be affected by damage to your brand, customer trust, social media, internet posts and potential loss of payment card acceptance privileges. Yep, you could truly be a cash-and-carry business. Lastly, how valuable is your time? Understanding and complying with PCI DSS is a necessary cost of doing business. The best way to protect your business is with a thorough and ongoing data security program that is constantly evolving.

3. ONLINE E-TAILER FRAUD

Online fraud rates at retail merchants doubled in 2016 due to the release of the embedded microchip in your credit card. The EMV chip card has made it increasingly difficult to counterfeit, clone, alter and forge (CAF) breached cards that are available for purchase on the dark web. The fraudsters didn’t go away; they just shifted their focus to the online channel, which has weaker authentication protocols. Online businesses face their own specific set of challenges because all sales are made as card-not-present (CNP) transactions. But there are red flags to look for and safeguards to put in place that will help reduce your exposure and losses.

Most integrated gateways offer a fraud profiling service. These services cross-reference IP addresses, names, previous purchases and more.
This allows your business to make a more informed assessment about each transaction.

Use CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). It is easy to implement, provides a solid defense for your website and is an efficient way to prevent bots from spamming your website. There are many free options, including Google’s.

Use a trust mark security service that scans for malware and vulnerabilities daily. These services will help you avoid and/or catch any problems quickly. They also increase consumer trust: with so many sites available, it is often hard to tell which ones are safe.

Always use the most updated version of your software. Updates typically include critical security patches. A vulnerability on your server, even if it’s not in your e-commerce software, opens a back door to your customer data and other sensitive information.

Limit the number of declined transactions. Scammers try to make fraudulent transactions in which many credit card numbers are tried in succession. The solution is to restrict the number of times a user can incorrectly enter a card.

Here are some additional steps that you should take to reduce your likelihood of fraud:

Always be wary of expedited shipping requests, especially when the billing and shipping addresses differ. Use the internet to verify. Also, don’t allow a change of address after the sale has been processed. A good deterrent is to add security disclaimers to your website such as “ABC, LLC has a reputable shipping company for all purchases. We will not allow for courier changes.” This will deter fraud trolls, as they will move on to a site that does not have security disclaimers.

Always require the three-digit security code. It is not stored in the card or embossed, so it is not easily retrieved.

Make sure you understand the security settings on your site and gateway, and make sure they are set correctly before you run your first transaction.
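The decline limit and the order red flags described above, as an added example that is not part of the original article and is not Paysafe’s or any gateway’s code. It keeps a sliding-window count of declined card attempts per session or IP (the defense against card testing the article calls limiting declined transactions), and it flags the two order attributes the article names as red flags: expedited shipping with a billing/shipping mismatch and an address change after the sale. The thresholds (three declines in ten minutes), the `Order` record and all sample orders are constructed assumptions a merchant would tune to their own traffic.

```python
"""Card-not-present (CNP) screening: decline velocity limit plus red-flag checks.

Added example, not part of the original article or of any gateway product.
Thresholds, the Order record and the sample orders are constructed assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

DECLINE_LIMIT = 3       # assumed: declines per source that trigger a block
WINDOW_SECONDS = 600    # assumed: sliding window of 10 minutes


@dataclass
class Order:
    ts: int                      # seconds since epoch (constructed)
    source: str                  # session or client IP the attempt came from
    approved: bool               # gateway result for the card entered
    billing_zip: str
    shipping_zip: str
    expedited: bool = False
    address_changed_after_sale: bool = False


class DeclineLimiter:
    """Sliding-window count of declined attempts per source."""

    def __init__(self, limit=DECLINE_LIMIT, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._declines = defaultdict(deque)   # source -> timestamps of declines

    def record(self, source, ts, approved):
        """Record one attempt. Returns True while the source is at or over the limit."""
        q = self._declines[source]
        # forget declines that have fallen out of the window
        while q and ts - q[0] > self.window:
            q.popleft()
        if not approved:
            q.append(ts)
        return len(q) >= self.limit


def red_flags(order):
    """Return the article's red flags that apply to an approved order."""
    flags = []
    if order.expedited and order.billing_zip != order.shipping_zip:
        flags.append("expedited shipping with billing/shipping mismatch")
    if order.address_changed_after_sale:
        flags.append("address change requested after sale")
    return flags


def screen_orders(orders, limiter=None):
    """Decide per order: block, decline, review or accept.

    Orders must be supplied in time order, since the limiter keeps state.
    Returns a list of (source, ts, decision, flags) tuples.
    """
    limiter = limiter or DeclineLimiter()
    decisions = []
    for o in orders:
        if limiter.record(o.source, o.ts, o.approved):
            decision, flags = "block", []      # source hit the decline limit
        elif not o.approved:
            decision, flags = "decline", []
        else:
            flags = red_flags(o)
            decision = "review" if flags else "accept"
        decisions.append((o.source, o.ts, decision, flags))
    return decisions


# Constructed sample: one session trying several cards, one risky expedited
# order, one clean order, one post-sale address change, then the testing
# session returning after two of its declines have aged out of the window.
SAMPLE_ORDERS = [
    Order(0,   "sess-A", False, "10001", "10001"),
    Order(60,  "sess-A", False, "10001", "10001"),
    Order(120, "sess-A", False, "10001", "10001"),
    Order(130, "sess-B", True,  "10001", "90210", expedited=True),
    Order(140, "sess-C", True,  "60601", "60601"),
    Order(150, "sess-C", True,  "60601", "60601", address_changed_after_sale=True),
    Order(700, "sess-A", False, "10001", "10001"),
]

if __name__ == "__main__":
    for source, ts, decision, flags in screen_orders(SAMPLE_ORDERS):
        print(f"t={ts:4d} {source}: {decision} {flags}")
```

The limiter blocks a source on its third decline inside the window and keeps blocking it, even for an attempt the gateway would approve, until enough old declines expire; in production the same counter would be keyed on whatever identifier the gateway exposes (session, IP, device fingerprint) and a blocked source would be challenged with the CAPTCHA the article recommends rather than silently dropped.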
Lastly, don’t forget your common sense and industry experience. If it looks like a duck, quacks like a duck and walks like a duck, it is a duck.

Jane Haley is a senior account specialist at Paysafe, STAFDA’s global payments partner for over six years. Call Jane at 877-421-5990 ext. 180 or email email@example.com. Learn more at www.paysafe.com.
Published by Direct Business Media.
This page can be found at http://pubs.royle.com/article/Credit+Card+Security/2899509/442444/article.html.