To safeguard the privacy of consumers and of all companies that process cards and accept payments, and the soundness of the credit card services system as a whole, all organizations that provide merchant services have joined forces to develop a set of rules designed to keep sensitive consumer account data safe from unauthorized use.
The table below offers a cursory overview of the most critical aspects of managing card account data protection:
Storing Consumer Account Data |
- Never store the information listed below, under any circumstances:
  - The whole contents of, or any portion of, the payment card's magnetic stripe.
  - Card security validation codes. These are the 3-digit numbers found in the right corner of the signature field on the back of all legitimate MasterCard, Discover, JCB, Visa and Diners Club bank cards, and the 4-digit numbers found on the front of all valid American Express payment cards.
- Store only those elements of the cardholder's account information that are strictly necessary to your operations, such as consumer name, card account number and card expiration date.
- Keep all material containing the above-mentioned information (e.g. sales authorization logs, transaction activity reports, sales receipts and copies, etc.) in a well-protected area that is not accessible to any unauthorized staff.
|
Destruction of Account Information | You need to destroy, or otherwise make unreadable, all media that displays old sales or return information containing any type of consumer data. |
Use of Sales Agents and Other Third-Party Providers (such as Vendors, Transaction Processors, Software Providers, E-Commerce Payment Gateways and Any Other Types of Service Providers) |
- Ensure that all payment processors or other organizations that represent any one of your bank card brands or any agents that participate in, or want to participate in, the processing or saving of transaction information on your behalf, whatever the type or length of such activities may happen to be.
- Ensure that all of these credit card services agents first achieve and maintain compliance with all rules and requirements regarding consumer information security. Any misstep by your third-party agent will inevitably increase your own risk exposure and will then cause undesirable inconvenience to your organization.
|
How to Report a Data Security Event |
- In the event that payment data is accessed or otherwise obtained by someone without proper authorization, you need to immediately contact your payment processing provider or credit card services contact for each one of your card brands.
- By filing this report you will not only minimize the risk to the transaction processing system as a whole, but you will also help safeguard your customers' data in the best way possible. Systems and processes have been set up to immediately stop all unauthorized use of compromised data. However, these are only effective if you and your company (and all other credit card services providers) do your part to report the security event in a timely manner.
|
If you build these requirements into your company's information protection procedures, you will be certain to be compliant with all applicable credit card services data security rules.