100 million shopper records; that is the latest total of customer records stolen from retailing giant Target. The episode, which included illegal access to 40 million debit and credit card records, was followed a few weeks later by the disclosure of another data theft from Neiman Marcus. And these are merely the most publicized in a series of incidents in which the records of merchants large and small have been compromised.
How can we better safeguard customer data? One important part of the puzzle is maintaining PCI compliance. The Payment Card Industry Security Standards Council (PCI SSC) was founded in 2006 by five global payment brands — American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. It has framed a set of guidelines to ensure credit card transactions are handled safely and securely, protecting cardholder data at every step in the transaction process. These standards, PCI Data Security Standards (PCI DSS), must be met yearly by every merchant who processes credit/debit card transactions.
Because security breaches are happening at every level of business, taking the necessary steps to minimize the risk of your clients’ credit card data being compromised is vital. That is why PCI compliance is so important. Here are just a few standards the PCI Council created to help you protect the credit/debit card information of customers you want to do business with again and again:
Credit/debit card information should never:
• be acquired or disclosed without the cardholder’s consent
• be electronically transmitted by email or any type of text messaging services
• be electronically stored
Credit/debit card information should always:
• be stored in a secured area with limited access (or avoid storing if possible)
• be moved, when necessary, in a way so that it can be tracked
• be shredded or incinerated when it is no longer needed
The impending move to mobile payments here in the U.S. can directly affect security standards as more and more transactions will be made with EMV (Europay, MasterCard and Visa) or “chip” cards. Known for their superior security, chip cards could potentially change the shape of PCI DSS. In fact, the Council’s Data Security Standard (DSS) is being updated this year to reinforce defenses against increasingly sophisticated cyber-attacks.
The PCI Council is always working hard to enhance security to fend off fraudsters while emphasizing the importance of viewing security requirements as more than hoops to jump through. They hope to help all merchants see the value of compliance as a way to truly protect their businesses and customers.
But data breaches aren’t the only way merchants experience fraud. Typically, the most common types of fraud put you on the receiving end of customer ID theft via phishing attacks, social networks, malware, and card skimming. They include the whole gamut of card-present and card-not-present purchases and even debit card cash-advance fraud. Gift card theft and forgery also are on the rise.
Particularly during busy times, it’s easy for merchants and staff to overlook the security fundamentals of card transactions. Fortunately, there are signs to look for to stop fraud before it gets the best of your business. Here are 10 transaction red flags. Transactions like these might be legitimate, but they always deserve a second look:
1. A new customer, especially from out of the area.
2. Multiple card entries for high-dollar orders.
3. Billing and shipping information don’t match.
4. Multiple purchases of the same item.
5. Multiple transactions from a single IP address.
6. Sequences of similar account numbers.
7. One card used for sending shipments to multiple addresses.
8. Several cards used for shipping to a single address.
9. Rush orders.
10. An unsolicited phone authorization for a cash advance.
You can help minimize the risk of these fraud incidents by imposing company-wide procedures that include online mapping of shipping addresses, business name searches to check legitimacy, card validation without exception, and verbal authorization from issuing banks for any suspicious transactions. It’s also a good idea to set a transaction threshold above which management-level signoff is required.
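For merchants who review orders from an export of their order system, several of the red flags above (3, 5, 7 and 8) and the signoff threshold can be checked automatically. The following is an added example, not part of the original article; the record layout, the function and field names, the sample orders and the threshold values are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample orders. Cards appear only as opaque tokens, never as
# card numbers, in line with the storage guidance earlier in the article.
ORDERS = [
    {"id": "A1", "card": "tok_01", "ip": "198.51.100.7", "amount": 80.00,
     "bill": "12 Elm St, Springfield", "ship": "12 elm st springfield"},
    {"id": "B1", "card": "tok_02", "ip": "203.0.113.9", "amount": 120.00,
     "bill": "4 Oak Ave, Springfield", "ship": "900 Dock Rd, Shelbyville"},
    {"id": "B2", "card": "tok_03", "ip": "203.0.113.9", "amount": 640.00,
     "bill": "77 Pine Ct, Springfield", "ship": "900 Dock Rd, Shelbyville"},
    {"id": "B3", "card": "tok_02", "ip": "203.0.113.9", "amount": 45.00,
     "bill": "4 Oak Ave, Springfield", "ship": "4 Oak Ave, Springfield"},
]
SIGNOFF_THRESHOLD = 500.00  # assumed value; set it per company policy
MAX_PER_IP = 2              # assumed value; orders per IP before flagging


def norm(addr):
    """Normalize an address so case and punctuation do not cause false mismatches."""
    return " ".join(addr.lower().replace(",", " ").split())


def review_flags(orders, threshold=SIGNOFF_THRESHOLD, max_per_ip=MAX_PER_IP):
    """Return {order id: [reasons]} for orders that deserve a second look."""
    by_ip = defaultdict(int)
    ships_by_card = defaultdict(set)
    cards_by_ship = defaultdict(set)
    for o in orders:  # first pass: build the cross-order indexes
        by_ip[o["ip"]] += 1
        ships_by_card[o["card"]].add(norm(o["ship"]))
        cards_by_ship[norm(o["ship"])].add(o["card"])
    flags = {}
    for o in orders:  # second pass: evaluate each order against the indexes
        reasons = []
        if norm(o["bill"]) != norm(o["ship"]):
            reasons.append("billing/shipping mismatch")
        if by_ip[o["ip"]] > max_per_ip:
            reasons.append("multiple transactions from one IP")
        if len(ships_by_card[o["card"]]) > 1:
            reasons.append("one card, multiple shipping addresses")
        if len(cards_by_ship[norm(o["ship"])]) > 1:
            reasons.append("several cards, one shipping address")
        if o["amount"] >= threshold:
            reasons.append("management signoff required")
        if reasons:
            flags[o["id"]] = reasons
    return flags
```

A flagged order is a candidate for the manual checks described above, not proof of fraud; order A1 passes cleanly even though its two addresses are formatted differently.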
They say that an ounce of prevention is worth a pound of cure. In the case of fraud prevention, it’s certainly less painful and costly. When you and your employees are vigilant, you protect your customers and your business’s reputation. Your first layers of protection include awareness of potentially fraudulent transactions and keeping your PCI compliance up to date.
Anne Heraghty, Manager Partner Communications, Veracity Payment Solutions, is responsible for the development and delivery of the company’s monthly e-newsletter, association industry articles, and social media strategy. Anne is a passionate writer and enjoys educating our associations and partners on important payment industry information. Anne resides in Alpena, Michigan with her husband and two sons. When she is not writing for work, she enjoys writing essays and poetry and is a columnist for her local newspaper. For more information about Veracity Payment Solutions call 855-355-2666 or visit www.veracitypayments.com.