Link to VDTA SDTA homepage
-- Advertisement --
Rotho Advertisement
Dealer Finder   |   Consumer Info   |   Membership Info   |   BESF Scholarship   |   Educators   |   SEA   |   Conventions
Magazines   |   Classified Ads   |   Breaking News   |   Las Vegas Conv   |   Round Bobbin Expo   |   Contact Us

Member Benefits

Many aspects of data protection

Check every link in your data/customer information security chain

by First Horizon Merchant Services

Experts agree that all merchants need to implement a comprehensive security program to comply with the PCI (Payment Card Industry) Data Security standard, regardless of the size of the company. Requirements for PCI compliance vary based on a merchant’s annual volume of transactions. But it takes only one incident of data compromise to put any merchant into Level 1, where annual on-site PCI assessments and quarterly network scans must be validated by an outside data security company. Add to that the fines that are imposed on any merchant whose data is compromised, and it’s clear that the card associations are serious.

It is critically important that your business fulfill the PCI Data Security requirements. Think of it as a form of insurance. MasterCard and Visa will sometimes waive fines for a data security compromise if the merchant has shown due diligence in trying to protect their system.

Don’t Leave the Back Door Unlocked
A weak link in the security chain seems to be the merchant (software) applications, which must be continually tested and updated with security patches. A recent study showed that 75 percent of all data security attacks come in through a merchant’s (software) application. Hackers have learned how to trick many commonly used (software) applications into forwarding data through “back doors” that allow unauthenticated access. Off-the-shelf (software) applications must be monitored with great vigilance to remain secure over an extended period. Also ensure that all access to any paper files containing customer data and storage of transaction receipts is limited and protected from theft (employee theft and otherwise).

Payment Application Best Practices (PABP)
The PABP guidelines (detailed on Visa’s Web site) help to define how information should be protected, or not stored in the first place. That way, even if a hacker or thief makes it into your system, there’s nothing for them to steal. Based on the PCI Data Security Standard, PABP states that magnetic stripe data, including CVV2/CVC2 and PIN Verification Value, should NOT be stored. Additionally, merchants must make every possible effort to facilitate a secure network, including software updates and remote access to software applications.

No system can be made impervious to hackers and data theft. The key is to look at all aspects of your system, from servers and firewalls to cardholder databases, merchant software applications, paper filing systems and storage of transaction receipts and make sure that you are protecting every possible point of entry.

For more information on this or other inquiries concerning bankcard processing, contact Kimberly Layton at First Horizon Merchant Services at 1-866-638-8614.

1. Transaction World; December 2005; Gartner, Inc.

Reprinted from Central Vac Professional, November 2007