
NEVER Assume Your Customers are Secure

Let’s be clear, we’ll be talking about information security – we expect you owners of brick-and-mortar companies to have taken the obvious security steps already (video cameras, security guards, trained attack dogs, etc.). In terms of information security, the biggest concerns ce…

The Need for Vigilance

Hot Tips for Enhancing Security

  1. For merchants with a physical location, the first tip is obvious: implement full chip-and-PIN technology and say goodbye to verification of credit card signatures. Unfortunately, the PIN affords no extra protection for online transactions, because the chip can’t generate a PIN without a checkout terminal.
  2. In general, collect and store the minimum amount possible of customer data. Collect only what’s required for the transaction. If possible, use transaction software that references customer data via tokenization without utilizing or transmitting account data.
  3. Don’t store credit/debit card information on your premises. It should be stored by a third-party payment processor that complies with PCI DSS, a proprietary information security standard.
  4. Encrypt all data transfers. Use end-to-end encryption (either TLS or SSL, which provide “https” domains). Also, make sure any apps you use store data in an encrypted format.
  5. Maintain the latest editions of antivirus and antimalware protection on all of your computers. Update and scan your computers at least once a day to check for new threats.
  6. Train employees to collect only the minimum information necessary to complete a transaction. Restrict employee access to customer data on a “need-to-know” basis.
  7. Educate yourself about PCI DSS and PA-DSS to learn how to maintain a secure infrastructure. Copious material on these two protocols is available online from the PCI Security Standards Council.
  8. Use encrypted cloud storage and a private network equipped with a sturdy firewall, and regularly back up your data to the secure location.
  9. Periodically verify that your privacy settings are up to date, including transaction limitation, security controls, restrictions and network settings.
  10. Disconnect from your servers at the end of the day, thereby denying hackers a tempting target.
  11. Use multiple servers, separating regular data from the sensitive variety. Take extra precautions for the sensitive server.
  12. Don’t request credit card or other sensitive information via an email, which is vulnerable to theft.
  13. If you run a call center, institute appropriately strict procedures and policies to safeguard customer information. This means, for example, not enabling access to customer contact data once a transaction has concluded.
  14. Don’t automatically use defaults supplied by a software vendor for system passwords and security parameters.
  15. Perform a criminal background check on all potential employees. Check also for civil actions against the job candidate.
  16. Software exists to monitor and log all attempted and successful accesses to sensitive data. Make sure that this software is up, running and functioning properly, and inspect the logs at least daily.
You may have to dip into your capital to perform the work and possibly buy the equipment necessary to make your business as secure as possible. If that’s the case, consider a short-term commercial loan from IOU Financial – it’s fast, convenient, hassle-free and secure.
