As the owner of a business that accepts credit card payments, you are obligated to keep your customers’ credit card data secure. You may process card payments at an in-store terminal, over the phone, on the Internet, via a mobile terminal, or any combination of the above. The Security Standards Council is a global forum that sets data security standards for the Payment Card Industry (PCI). All the software and equipment you use to process credit card payments must meet the Payment Card Industry Data Security Standards (PCI DSS). So must that of your merchant service provider. No company is exempt because of size. Even if your company is just you working out of your basement, you still must meet the standards for the protection of your customers’ data. Of course, you probably want to protect your customers, and they depend on you to keep their sensitive information safe. Being too lax in guarding your accounts could be costly.
The key to securing your customers’ data
We all hear news from time to time about a data breach within a company that compromised customers’ sensitive credit card data. You never want that news to be about you! The surest and most efficient way to approach this critical issue is to choose the right merchant service provider. You can buy your own card processing equipment and software, and you can secure your own SSL security certificate. Then you need a merchant service provider that maintains a high level of security. But you may decide that the better way is to get all equipment and software, along with the SSL security certificate, from a merchant account provider that has already taken steps to secure your customers’ sensitive data. Just make sure that you use a reputable merchant account provider who provides only software and equipment that is PCI compliant according to Data Security Standards.
If you have selected a comprehensive merchant service provider, so that you are assured all of your software and equipment is PCI compliant and web-based processes are encrypted, then the next step is to put some common-sense, practical procedures in place for further protection. Of course, you do not want to leave printouts of orders lying about in a busy office. And in general, the fewer people who can access customer order information, the safer the data. If you do save customer data, it should be encrypted. In addition, processing company regulations are specific about stored credit card records. This means that software will typically not save the CVV code or any other tracking data from credit cards. If you keep paper files, the CVV code can be made unreadable on all copies. Before the paperwork is filed, block out the code completely. Do you take phone orders at your business and record the calls? If so, then save those records in an encrypted and password-protected file. Layered protection of your customers’ credit card data is necessary to protect them and your business.
For more information regarding security measures to keep your customers’ credit card data secure, or to sign up for your own merchant account, please call (888) 924-2743 or go to Charge.com.