Protect your business
against Credit Card fraud:
Chris Black, CEO of NSPT
- According to the Verizon Business 2012 Breach Investigation Report
- 85% of breaches occur at small businesses
- 81% of breaches used some form of hacking
- 79% of breach victims were targets of opportunity
- 97% of breaches were avoidable through intermediate controls
- 96% of breach victims subject to PCI DSS were non-compliant
At the point of sale - Analyze the card for alterations, validate the ID, and use common sense. All cards have embossed account numbers, holographic images specific to each brand, and a signature panel. Please visit each card networks website for the full card design layouts specific to each brand.
Business operations– Develop a security policy to clearly identify how a credit card detail is processed, stored, and or transmitted at your business. Your company security policy should serve as a guide and be signed by any employee who has access to your credit card processing environment. Frequent training/refreshers should be provided to employees.
Become PCI DSS Compliant– Designed to protect card holder data and also safeguards other sensitive information.
Businesses are subject to the following fines if they are a victim of a data breach. $250,000 fine by the card networks, $20,000 Audit Fee, $10 per card detail stolen
PCI DSS Requirements
Businesses are required to be compliant and validate compliance annually. Completion of a Self-Assessment Questionnaire and quarterly network vulnerability scans must be completed. Utilize the service of a Qualified Security Assessor and Qualified Scan Vendor to validate your compliance.
- Step 1:Generate a scope of your current payment environment
- Step 2:Complete the Self-Assessment Questionnaire
- Step 3:Remediate any non-compliant standards
- Step 4:Complete and pass quarterly scan requirement
- *Monitor and recertify any changes throughout the year to maintain your compliance*
Who is required to become compliant? Any business that stores, processes, or transmits any cardholder personal account number data.
Who hold the liability of a breach? The merchant holds complete liability to become PCI DSS compliant, the breach, and any related fees.
Why become PCI DSS Compliant? Being PCI DSS Compliant is a due diligence requirement to strengthen your electronic payments environment. Increase your brand with consumer confidence. Obtain Safe Harbor Status to protect your business from the cost of a data breach. And, avoid any “non-compliant” fees you may currently have.
- Use system scanning software to detect any full card details you may have stored on your computer and/or servers.
- Remove personal account number storage from your current business practice if it is not absolutely required.
- Utilize a tokenization encryption tool to remove full card detail storage and still have the ability to process future payments.
- Use a payment gateway hosted form for ecommerce transactions.
- Prepare your business for EMV chip technology (euroPay MasterCard Visa)