Wednesday, April 20, 2011

Once your business establishes a merchant account to accept credit cards, protecting your customers’ personal information becomes a great liability and responsibility.

The question is, “Where does my responsibility begin and how is my business liable?” In 2006, to make sure that businesses comply with security standards, the major credit card companies, Visa, MasterCard, American Express, and Discover, collaborated and established security guidelines. PCI DSS, which is an acronym for the Payment Card Industry Data Security Standards, covers everything from the physical security of credentials to making digital files indecipherable to potential crooks. These rules remain just as relevant today, as cyber criminals incessantly search for new ways to steal credit card information.

When taking steps to protect consumers’ data and prevent security breaches, merchants must at least meet the minimum requirements set forth by PCI DSS. Merchants that accept electronic payments must be fully aware of these security guidelines. Whether it’s Wall Street or Main Street, the PCI DSS guidelines apply to all businesses globally. Below is an overview of the PCI DSS standards:

1. Build and maintain a secure network

• Install and maintain a firewall configuration to protect cardholder data.

• Do not use vendor-supplied defaults for system passwords and other security parameters.


2. Protect cardholder data

• Encrypt transmission of cardholder data across open, public networks.

• Protect stored cardholder data.


3. Maintain a vulnerability management program

• Use and regularly update anti-virus software or programs.

• Develop and maintain secure systems and applications.


4. Implement strong access control measures

• Restrict access to cardholder data by business need-to-know.

• Assign a unique ID to each person with computer access.

• Restrict physical access to cardholder data.


5. Regularly monitor and test networks

• Track and monitor all access to network resources and cardholder data.

• Regularly test security systems and processes.


6. Maintain an information security policy

• Maintain a policy that addresses information security for employees and contractors.


Please refer to www.pcisecuritystandards.org for more information.


Merchants that break these rules can be fined. After a security breach, fines are initially charged to the merchant's bank. The bank will then pass those charges on to the merchant.

A larger concern is if the merchant loses a cardholder’s information. Under state data breach notification laws, businesses that fail to guard their customers' information must disclose the theft. The fines will be the least of your worries: there is a good possibility your customer will not return, so the damage is done and you have lost business.

Whether it’s at the airport or at your home, security is a top priority. To stay competitive, businesses must establish a merchant account for credit card processing. Protect your customers and your business and secure your electronic transactions.
