Protecting Cardholder Data
Card numbers: protect them or...!
Who isn't concerned and cautious these days about identity theft and misuse of payment card account numbers? In 2009, identity theft in the United States affected an estimated 1.1 million adults, with related total payments fraud estimated at $54 billion. "Businesses and financial institutions are more susceptible than ever to leaks, cyber-attacks, malware, and data breaches." (Source: Javelin Strategy & Research; "Identity Fraud Survey Report;" 2010.) In high-risk settings, such as businesses that electronically store customers' cardholder data, privacy of data is a serious issue.
WHAT IS DATA SECURITY?
Is your electronically stored data protected against intentional and unintentional corruption and unauthorized access and use? Data security, in general, is a term referring to ways of maintaining the integrity, security, and privacy of electronically stored data and preventing undesirable outcomes.
WHAT IS THE PAYMENT CARD INDUSTRY DOING ABOUT IT?
In response to a growing threat to the privacy and security of cardholder data, the Payment Card Industry Security Standards Council was formed by the major card brands, which together developed Payment Card Industry Data Security Standards (PCI/DSS), "to help facilitate the broad adoption of consistent data security measures on a global basis." (Source: www.pcisecuritystandards.org.)
Compliance with PCI/DSS is mandated for all businesses and organizations accepting electronic payments or storing, processing, or transmitting cardholder data. This includes eCommerce websites, retailers, financial institutions, merchants, and service providers. Compliance requirements vary, depending on the number of payment card transactions a firm processes per year and its data security history, and range from a simple annual online survey for small-volume organizations to periodic on-site audits for the largest firms.
WHAT CAN COMPANIES DO NOW?
Data security, which builds customer confidence, is something to be addressed early on through PCI compliance. Many companies are learning that PCI data security standards are a welcome guide that is helping them meet their own data security objectives.
Complete information about the Council, its standards, and certified support professionals such as Qualified Security Assessors and Approved Scanning Vendors, is available at www.pcisecuritystandards.org.
Larry Gantman, Payment Options; 1-562-598-0356
Payment Options provides electronic payment systems and services to the B2B community, including electronic check, credit card, and other merchant services. Payment Options can help you in the following areas: Invoice payments B2B, electronic payments B2B, electronic payment services B2B, credit card services B2B, merchant services B2B, electronic checks B2B, electronic check payments B2B, ePayments B2B, ePayment services B2B, and eChecks B2B.