If you spend any amount of time online, you’re probably vaguely concerned about phishers and hackers. And if your online time includes credit card transactions, then you have the added worry of identity theft. It’s one of those things we’ve apparently just learned to live with, the same way that most of us don’t panic while traveling in a car, even though, statistically, a car accident can happen at almost any time.
Fortunately, just as you can take some basic precautions to reduce the chances of a traffic accident, you can also do a lot to drastically reduce the chances of credit card fraud. And as a business owner, you can protect your customers as well. It’s as simple as abiding by PCI regulations.
Understanding anti-fraud measures
What is PCI? The PCI stands for “Payment Card Industry.” The Payment Card Industry Council is a group of stakeholders within the credit card space. Council members include banks, credit card networks, and other participants. Together, they came up with a set of 12 regulations intended to enhance the security of credit card transactions, minimizing theft and interception.
While PCI compliance isn’t a legal requirement, credit card networks like Visa may refuse to accept transactions from payment processors who aren’t compliant. This means that a customer can swipe their card, but the transaction will be rejected. This could damage your reputation with that particular customer, in addition to costing you that sale.
And since Visa is the most common credit card, the risk of locking out all those customers makes compliance something worth looking into. Compliant merchant processors use military levels of end-to-end encryption, so that lowers the chances of someone stealing your customers’ credit card data. It also involves the development of detailed security protocols.
Physical and virtual security
These policies cover staff members who physically touch credit cards, as well as the data managers in charge of credit card information. These personnel – and the systems they control – should be strictly monitored, and they must all have their own user ID for accountability purposes. Your card security systems should be regularly tested and upgraded.
Passwords should never be left as their default setting, and they should never be shared among staffers. Everyone should have their own strong, unique password to the system. And even so, access should be issued to minimal staff members on a need-to-know basis. This not only keeps your company compliant, but it protects your customers’ information as well.
Another interesting element is your business level. Level 1 merchants have 6 million or more card transactions per year, while Level 4 merchants have fewer than 20,000. Each level has their own PCI recommendations, so check that you are keeping up with the rules required for your merchant level.
For more information on how PCI compliance helps with fraud prevention, or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.