
Best privacy practices for businesses with merchant accounts

PCI DSS outlines steps business owners need to take with customer card data

By Jeremy M. Simon

Merchants need to be sure they are taking all the necessary precautions to protect their customers' credit card information. Losing customers' credit card information is an easy way to lose customers.

The payment industry is attempting to police itself before legislators enact and impose their own regulations. The Payment Card Industry Security Standards Council's Data Security Standard is a group of standards commonly agreed upon by Visa, MasterCard, Discover, American Express and JCB, which must technically be met by any merchant that accepts credit cards.

PCI DSS aims to protect consumer information from identity theft. Merchants who fail to comply with PCI DSS could suffer consequences, ranging from loss of the ability to process credit card transactions to fines of as much as $500,000. Certain types of businesses may require an audit by a PCI DSS certified security auditor.

The basics of PCI DSS start with written information security policies. These policies should be clear to everyone, including employees, and should cover both the PCI DSS requirements and the regulations of any states in which you do business.

In order to protect a company's network, be sure to disconnect from the Internet when business is closed. An unattended network connection represents an opening for hackers. Think about whether you always shut down servers, network switches and routers; the more doors you lock, the safer you become.

Additionally, do not put all your data onto a single server, since all your data will be in danger if that server is compromised. Major steps in the direction of meeting current and future compliance regulations include getting an additional server for sensitive data, limiting who has access, encrypting data and limiting connectivity to the Internet.

Avoid using wireless networks when sensitive information is involved, since outside hackers can access wireless features on a laptop. Also, invest in encryption, so that you will not need to let clients know if you lose a laptop or are the victim of a data breach.

Finally, be aware of the danger posed by employees. Limiting and knowing who has access to your system will help you meet the requirements of PCI DSS, and it also allows for regular monitoring to prevent data theft by employees. And, since employee negligence results in the vast majority of all losses, train your employees to protect business assets.
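The advice above (keep the connection down outside business hours, limit who can reach the server holding card data, and monitor that access regularly) can be turned into a routine check. The following is an added example, not part of the original article and not a PCI DSS tool: it reads a constructed access log for a hypothetical cardholder-data server and flags any entry from an account that is not on the approved list or that falls outside the hypothetical business hours. Account names, hours and log lines are all assumptions made for the example.

```python
"""Access review for a server that stores cardholder data.

Two checks a merchant can run over the server's access log:
  1. every access comes from an account on the approved list, and
  2. no access happens outside business hours, when the network
     connection should be down anyway.
All names, hours and log lines below are constructed for this example.
"""
from datetime import datetime, time

# Hypothetical allowlist: the only accounts approved to touch card data.
APPROVED_ACCOUNTS = {"acct_clerk", "sysadmin"}

# Hypothetical business hours; access outside this window is suspect.
OPEN_AT = time(9, 0)
CLOSE_AT = time(18, 0)

# Constructed sample log lines: "<ISO timestamp> <account> <action> <resource>"
SAMPLE_LOG = """\
2009-06-18T10:15:02 acct_clerk READ cardholder_db
2009-06-18T12:40:11 sysadmin BACKUP cardholder_db
2009-06-18T23:05:47 sysadmin READ cardholder_db
2009-06-18T14:22:09 intern READ cardholder_db
2009-06-18T15:00:00 acct_clerk READ cardholder_db
"""


def parse_line(line):
    """Split one log line into (timestamp, account, action, resource)."""
    ts, account, action, resource = line.split()
    return datetime.fromisoformat(ts), account, action, resource


def review_access_log(log_text, approved=APPROVED_ACCOUNTS,
                      open_at=OPEN_AT, close_at=CLOSE_AT):
    """Return a list of (reason, line) findings; an empty list means clean.

    A single line can produce two findings if it violates both rules.
    """
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, action, resource = parse_line(line)
        if account not in approved:
            findings.append(("unapproved account", line))
        if not (open_at <= ts.time() < close_at):
            findings.append(("outside business hours", line))
    return findings


if __name__ == "__main__":
    for reason, line in review_access_log(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Run against the sample log, the review reports the late-night read by `sysadmin` and the daytime read by `intern`; the other three entries pass both checks. In practice the approved list would come from the written access policy the article asks for, so that the review and the policy cannot drift apart.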

Updated: June 18, 2009
