AQ and Currency are collaborating on a series of blogs to combine our unique industry knowledge and experience. Read on for Part II.
In Part I last week I covered some Payment Processing Best Practices. Now we're going to go over some do's and don'ts for protecting cardholder data.
A great way to maintain customer confidence and keep customers coming back is to protect their sensitive card information. Following the Payment Card Industry Data Security Standard (PCI DSS) is the first step. Here's a list of do's and don'ts when it comes to PCI DSS.
Do’s
- When accepting credit or debit cards online, make sure firewalls are set up correctly between the systems that handle card data and untrusted networks, and keep anti-virus and anti-malware software up to date, to reduce the chance of a data breach.
- Have your internet-facing systems scanned at least quarterly by a PCI SSC Approved Scanning Vendor (ASV), and complete your PCI DSS validation (a Self-Assessment Questionnaire or an audit by a Qualified Security Assessor, depending on your merchant level) every year, so you can confirm you are taking the proper precautions against unauthorized access to your systems.
- If the customer is present, check the card against a valid government-issued photo ID.
- Restrict employee access to "need to know" information only. A sales representative, for example, typically doesn't need access to card numbers or other cardholder information, so that access should be limited. Give each employee a unique login with permissions matched to their role, require passwords to be changed periodically, and remove all access immediately when an employee leaves the company. This keeps the system secure and lets you trace data activity to an individual user. Apply strict policies and vetting, including pre-employment and periodic background checks, to the employees who do have access to customer information.
- Destroy anything with cardholder data on it (shred paper, securely wipe or physically destroy storage media); don't just throw it in the trash.
Don’ts
- Don't keep copies of cardholder data unsecured or unencrypted. Cardholder data should live only in secured storage, i.e. the merchant's payment portal, or as tokens issued by a secure system that is regularly scanned and audited. Wherever possible, store a token or a truncated number rather than the full card number.
- Don't share passwords or use simple, easily guessed passwords that can be cracked quickly.
- Never store AVS or CVV data after authorization, even in encrypted form; card brand rules and PCI DSS prohibit it.
- Don't allow customer personally identifiable information to leave your offices or company-owned and controlled equipment, and avoid letting employees use personal devices for work that touches customer data.
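As an added example (this is not code from the original post, nor from AQ or Currency), the Python script below shows the two checks behind the storage don'ts above that a developer can actually automate: finding Luhn-valid card numbers that leak into logs or records and masking them to no more than the first six and last four digits, and dropping CVV/AVS fields before anything is persisted. The field names in SAD_FIELDS, the sample log line and the sample gateway record are assumptions constructed for the example; 4111111111111111 is a standard test card number, not a real account.

```python
"""Cardholder-data hygiene checks (added example, not the post's own code).

Two helpers worth running before anything is written to a log, ticket
or database:
  1. redact_text()     - find Luhn-valid card numbers in free text and
                         mask them to first six / last four digits.
  2. sanitize_record() - drop sensitive authentication data (CVV, AVS,
                         track, PIN) from a record and mask any PAN left
                         in its values.
Field names in SAD_FIELDS are assumed names, not any gateway's real schema.
"""
from __future__ import annotations

import re

# Assumed field names that carry sensitive authentication data; these must
# never be persisted after authorization, even encrypted.
SAD_FIELDS = {"cvv", "cvv2", "cvc", "cvc2", "cid", "avs", "avs_result",
              "track1", "track2", "pin", "pin_block"}

# 13-19 digits, optionally separated by single spaces or dashes, and not
# embedded inside a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters out most order, phone and timestamp numbers."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits (PCI DSS masking limit)."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_text(text: str) -> tuple[str, int]:
    """Mask every Luhn-valid PAN candidate in text; return (clean_text, count)."""
    count = 0

    def _mask(m: re.Match) -> str:
        nonlocal count
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)   # digit run that fails Luhn: leave it alone
        count += 1
        return mask_pan(digits)

    return PAN_CANDIDATE.sub(_mask, text), count


def sanitize_record(record: dict) -> dict:
    """Drop SAD fields and mask PANs before a record is stored or logged."""
    clean = {}
    for key, value in record.items():
        if key.lower() in SAD_FIELDS:
            continue            # never persisted, not even in masked form
        if isinstance(value, str):
            value, _ = redact_text(value)
        clean[key] = value
    return clean


if __name__ == "__main__":
    # Constructed sample data; 4111111111111111 is a well-known test PAN.
    log_line = "2024-01-09 checkout order=1234567890123 card=4111 1111 1111 1111"
    print(redact_text(log_line))
    gateway_response = {"pan": "4111111111111111", "cvv": "123", "avs": "Y",
                        "amount": "19.99", "auth_code": "A1B2C3"}
    print(sanitize_record(gateway_response))
```

Two caveats when using something like this: roughly one in ten random digit runs passes Luhn, so treat hits in a data-discovery sweep as candidates to investigate rather than proof, and masking is only for what gets displayed or logged; it is not a substitute for tokenizing or encrypting the data you actually have to keep.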
If you have any questions or would like to speak with a specialist to get started with CurrencyPay® or AQ pay, please reach out by phone at 1-866-452-8324, email sales@AQ-FES.com or visit www.AQ-FES.com.
Related Links: Payment Processing Best Practices: How to Mitigate Risk, AutoQuotes Launches AQ Pay, Powered by Currency, Introducing AQ Pay: Simplifying the Payments Process – Q & A from our Latest Webinar