All businesses have a lot of responsibility, but none is greater than the responsibility of maintaining the integrity of the consumer by protecting their credit card information. Businesses that process credit card transactions are obligated to safeguard customers’ credit card information and be PCI Compliant. PCI Compliance includes assessment of how businesses store credit information as well as the equipment and service providers they use. The following tips will help you to properly handle credit card account information:
Ensure your equipment and software are PCI approved There is a lot of equipment available in the world that is not PCI Compliant. Even if the equipment is specifically sold for credit-card transactions, it does not mean that it is safe. Everything from a terminal for Point of Sale transactions to a card-swiper must be PCI Compliant, and proven to be so. If a hardware or software vender is reputable it will conduct rigorous testing to ensure the integrity of their products and be happy to explain their process to make you feel at ease with their product. Don’t use an unknown service provider If you do not feel comfortable or like dealing with the hassle of credit card processing software yourself, you can use a service provider such as web-based software services, phone services, or companies which outsource all payment processing functions. In order to earn the trust of both businesses and consumers, these service providers undergo extensive tests conducted by an external Qualified Security Assessors who performs comprehensive audits of all the ins and outs of a company’s systems etc. When looking for an external company, look for one that is labeled a “PCI DSS Validated Entity.” As part of your PCI compliance, you are required to use only PCI DSS Validated service providers. Never store electronic track data or the card security number in any form. It is against the law to store any credit card information for any reason. The card security number (or CID) is the three-digit number on the back credit cards and is designed to provide a way for merchants to know whether a customer authorizing a transaction over the phone or via the Internet actually has the card in their possession. This approach only works if the security code is never stored with the card number– which is why companies are not allowed to store the information Do not store security codes or track data, even by accidentally storing credit card information automatically with your hardware/software. Encrypt and Protect Everything
- Electronic storage: Although it is illegal to record credit-card information, any that is recorded, even for a moment, must be encrypted.
- Phone Recordings: Make sure that any phone recordings you have used for customer service are not robbing your customers of their credit card information. All phone calls that are recorded by your company or any telephone answering services that your company employs must be able to prove that their phone recordings, which may include credit-card information, are encrypted.
- Paper Storage: You must ensure that all paper storage is securely locked, shredded, removed etc.
In following these principals, you can ease your customer’s fears, insure the security of your own company, and have a prosperous business. Credit-card security is a mounting concern and the need for security has never been greater than it is now.If you’re interested in learning more about how you can pursue a career in cyber security, click here.