
Online clothing store? 7-Eleven? Insurance company? Regardless of your business size, industry or even country, if you are dealing with payments that capture cardholder information from major cards such as Visa, MasterCard or American Express, then you must abide by the industry standards for processing and storing that credit card information and PII (personally identifiable information).

The basic requirements for protecting and securing cardholder information include:

  1. A firewall in place to protect cardholder information

  2. Strong password protection

  3. Practices in place to protect cardholder information

  4. Encrypt transmissions of cardholder data across networks

  5. Anti-virus software on all systems

  6. Develop secure applications and systems

  7. Secure your system and applications

  8. Assign unique ID to each person

  9. Restrict access to cardholder data

  10. Monitor access to network and data

  11. Regularly test security systems

  12. Policy regarding information security

Why is it important? First of all, it helps minimise your liability in regards to identity theft and credit card fraud. In the event of fraud due to the theft of cardholder information, companies must have implemented these controls to avoid fines and possible lawsuits. Then there is the question of reputation. Your business is only as good as people ‘think’ it is, and a scandal regarding personal customer information always has a negative effect on revenue, client relations and future customer acquisition.

A good example of why companies need to be vigilant with cardholder data is the Target breach of 2014. Target failed to protect its cardholder information, with more than 40 million credit and debit card numbers being stolen from its point-of-sale systems. Between 1 and 3 million of these were sold on the black market for anywhere from $27 to $135 each, and this resulted in $53.7 million being stolen before credit card companies had the chance to respond. Target will now pay out $10 million to the fraud victims, and a further estimated $200 million will be spent by credit unions and banks on replacing the credit and debit cards.

Moral of the story? It will cost you more in the long run if you skimp on your IT Security, so be proactive and protect yourself and your customers.


Need help?

Want to make sure you’re secure and PCI compliant? Cybernetic Global Intelligence is a proud provider of PCI Compliance Audits. If you want more information about our PCI Compliance Audits or a FREE no obligation quote, please call us on: 1300 292 376, or email us at: contact@cybernetic-gi.com
