Why businesses really should care about Payment Card Protection
Whether it’s a restaurant you are dining in or a shop you know well, handing over your credit card opens up all sorts of opportunities for hackers keen to get busy with your finances.
Attackers spot weaknesses in security and can reach customers' personal information through their credit cards. Once exposed, credit card details take on a new lease of life: stolen details can be sold on the web or used to make counterfeit cards that just keep on spending.
To reduce the risk of fraud, major card companies such as American Express, Visa and Mastercard established standards by way of the Payment Card Industry Data Security Standard (PCI DSS). This is a series of standards that businesses must adhere to wherever they transmit, process or store payment card data.
PCI DSS Categories
PCI DSS is made up of six categories, which include actions to:
1. Set up a firewall and passwords – maintain a secure network, replacing default passwords with unique, high-security passwords where necessary.
2. Protect cardholder data – the data held on the magnetic stripe, and information such as the primary account number, cardholder name, expiration date and service code, should never be stored anywhere. Always encrypt data passed across public networks, including through your website shopping cart and web-hosting providers.
3. Implement a vulnerability management programme – use antivirus software and keep it up to date. Maintain secure operating systems and payment applications and ensure both are compliant under PCI DSS.
4. Ensure strong access controls are in place – access to both electronic and physical cardholder data should be on a “need-to-know” basis. Ensure unique IDs and passwords are used by key personnel and that login information is not shared.
5. Monitor and test networks – ensure you have a regular testing schedule for security systems and processes such as firewalls and antivirus.
6. Maintain an information security policy – crucial to this is the need to have policies in place to oversee how data security is handled within your business. Ensure policies are updated regularly and personnel know their roles and responsibilities.
The standards that make up PCI DSS are an obligation enforced by the banks whose service agreements cover businesses that operate credit card systems.
PCI DSS Compliance Levels
There are four levels of PCI DSS Compliance with Level 1 being the highest. The level depends on:
- the volume of transactions processed
- how the transactions are processed (how the payment gateway is used)
| Level 1 | Level 2 | Level 3 | Level 4 |
|---|---|---|---|
| Businesses processing 6 million + transactions per year | Businesses processing 1 – 6 million transactions per year | Businesses processing 20,000 to 1 million transactions per year | Businesses processing less than 20,000 transactions per year |
Any company that operates credit card transactions but does not comply is in serious danger of being put out of business. If a security breach occurs, not only is the company’s reputation at risk, but it will also be forced to cover costs such as forensic investigations, fraudulent purchases and credit card replacements.
What if businesses don’t comply?
To manage the risk of credit card fraud and of being investigated by the credit card companies, more and more businesses are working with information security experts such as The Agenci, who assess and implement tools that enable businesses to secure their business information, ensure compliance with PCI DSS and ultimately provide peace of mind that everything is covered.
By becoming compliant and adhering to PCI DSS, businesses minimise the risk of a breach or loss of profits and avoid the heavy fines associated with a data breach.
For more information about PCI DSS and how Agenci can help with compliance, please contact a member of our team on 0113 366 2037.